problem with opnsense clients

Started by ibinsfei, July 05, 2024, 11:47:39 AM

July 05, 2024, 11:47:39 AM Last Edit: July 05, 2024, 12:00:00 PM by ibinsfei
I've set up an OpenVPN connection with OPNsense as the client.
OPNsense can ping the OpenVPN server's IP and also clients in the OpenVPN server's network.
But clients of OPNsense cannot; it seems that there is some problem with the routing for the clients.

OPNsense routing (netstat -rn):
Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.102.1      UGS      vtnet1
10.8.0.0/24        10.8.0.13          UGS      ovpnc1
10.8.0.1           10.8.0.13          UGHS     ovpnc1
10.8.0.13          link#7             UH       ovpnc1
10.8.0.14          link#7             UHS         lo0
127.0.0.1          link#3             UH          lo0
192.168.101.0/24   link#1             U        vtnet0
192.168.101.143    link#1             UHS         lo0
192.168.102.0/24   link#2             U        vtnet1
192.168.102.3      link#2             UHS         lo0
192.168.178.0/24   10.8.0.13          UGS      ovpnc1


ping on OPNsense:
# ping -c 3 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: icmp_seq=0 ttl=64 time=15.191 ms
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=21.636 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=13.167 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.167/16.665/21.636/3.611 ms
# ping -c 3 192.168.178.1
PING 192.168.178.1 (192.168.178.1): 56 data bytes
64 bytes from 192.168.178.1: icmp_seq=0 ttl=63 time=13.184 ms
64 bytes from 192.168.178.1: icmp_seq=1 ttl=63 time=13.986 ms
64 bytes from 192.168.178.1: icmp_seq=2 ttl=63 time=20.955 ms

--- 192.168.178.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 13.184/16.041/20.955/3.489 ms


Routing on client (192.168.101.143 is OPNsense):
~# route -n
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.101.143 0.0.0.0         UG    0      0        0 eth0
192.168.101.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

ping on client:
# ping -c 3 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2055ms
ping -c 3 192.168.178.1
PING 192.168.178.1 (192.168.178.1) 56(84) bytes of data.

--- 192.168.178.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2047ms

trace on client:
# traceroute -n 10.8.0.1
traceroute to 10.8.0.1 (10.8.0.1), 30 hops max, 60 byte packets
1  192.168.101.143  0.305 ms  0.268 ms  0.253 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

It is working now after I set a NAT outbound rule, which I really don't understand. There should be no NAT necessary.
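The symptom in the post (OPNsense itself reaches the far side, LAN hosts behind it do not, and outbound NAT "fixes" it) is what you get when the forward path exists but the reply path does not: the OpenVPN server has no route for 192.168.101.0/24 pointing back into the tunnel, so replies to a LAN source address follow the server's default route and are lost, while a packet whose source has been NATed to the tunnel address 10.8.0.14 is replied to via the tunnel. The following longest-prefix-match simulation is an added example, not code from the post or from OPNsense. It uses the OPNsense routing table exactly as shown above; the server-side table is a constructed assumption (interface names, the 203.0.113.1 default gateway and the absence of a 192.168.101.0/24 route are all hypothetical), since the server's real table is not in the post. The usual non-NAT fix is to give the server a route for the client LAN back through the tunnel (an OpenVPN `route`/`iroute` pair for that client), which the same check would then report as taking the tunnel interface.

```python
import ipaddress
from typing import List, Optional, Tuple

# OPNsense table, copied from the netstat -rn output in the post
# (columns: destination, gateway, flags, interface).
OPNSENSE_ROUTES = """
default            192.168.102.1      UGS      vtnet1
10.8.0.0/24        10.8.0.13          UGS      ovpnc1
10.8.0.1           10.8.0.13          UGHS     ovpnc1
10.8.0.13          link#7             UH       ovpnc1
10.8.0.14          link#7             UHS      lo0
127.0.0.1          link#3             UH       lo0
192.168.101.0/24   link#1             U        vtnet0
192.168.101.143    link#1             UHS      lo0
192.168.102.0/24   link#2             U        vtnet1
192.168.102.3      link#2             UHS      lo0
192.168.178.0/24   10.8.0.13          UGS      ovpnc1
"""

# CONSTRUCTED, hypothetical table for the OpenVPN server: it knows the tunnel
# subnet and its own LAN but has no route for the OPNsense LAN 192.168.101.0/24.
# Interface names and the 203.0.113.1 gateway are assumptions, not from the post.
SERVER_ROUTES = """
default            203.0.113.1        UGS      em0
10.8.0.0/24        link#5             U        tun0
192.168.178.0/24   link#1             U        em1
"""

Route = Tuple[ipaddress.IPv4Network, str, str]


def parse_routes(text: str) -> List[Route]:
    """Parse netstat -rn style lines into (network, gateway, interface) tuples."""
    routes: List[Route] = []
    for line in text.strip().splitlines():
        dest, gw, _flags, iface = line.split()
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif "/" in dest:
            net = ipaddress.ip_network(dest, strict=False)
        else:
            # A host route without a prefix length is a /32 (the H flag above).
            net = ipaddress.ip_network(dest + "/32")
        routes.append((net, gw, iface))
    return routes


def lookup(routes: List[Route], addr: str) -> Optional[Route]:
    """Longest-prefix match: the most specific network containing addr wins."""
    ip = ipaddress.ip_address(addr)
    best: Optional[Route] = None
    for route in routes:
        if ip in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def path_check(src: str, dst: str) -> Tuple[str, str]:
    """Return (interface OPNsense forwards on, interface the server replies on).

    A reply interface other than the tunnel means the reply never comes back,
    which is exactly what the LAN client's 100% packet loss looks like.
    """
    forward = lookup(parse_routes(OPNSENSE_ROUTES), dst)
    reply = lookup(parse_routes(SERVER_ROUTES), src)
    assert forward is not None and reply is not None  # both tables have a default
    return forward[2], reply[2]


if __name__ == "__main__":
    # 192.168.101.50 is a constructed LAN host behind OPNsense.
    print("LAN host -> 10.8.0.1      :", path_check("192.168.101.50", "10.8.0.1"))
    print("LAN host -> 192.168.178.1 :", path_check("192.168.101.50", "192.168.178.1"))
    # After outbound NAT on ovpnc1 the source becomes the tunnel address.
    print("NATed (10.8.0.14) -> 10.8.0.1:", path_check("10.8.0.14", "10.8.0.1"))
```

Run as-is and the first two checks report the forward hop on ovpnc1 but the reply leaving the server on its default interface, while the NATed source is replied to on tun0; that asymmetry, not anything on the OPNsense side, is why the NAT rule appeared to be required.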