Openvpn has been connected successfully, but can not access the LAN

Started by tianmo, February 13, 2017, 07:26:57 PM

Previous topic - Next topic
I follow the instructions in how to "Setup SSL VPN Road Warrior" as the link https://docs.opnsense.org/manual/how-tos/sslvpn_client.html to start a openvpn server.
And export a client for ios.then I import the client to my iphone,connect to the server successfully.everything looks fine,BUT I can't access the LAN.I input the LAN address in iphone safari ,but I can not open opnsense login page.
What is wrong?
Any help are Appreciated.
Thank you!
or,my opnsense version is 17.1.1

Tried it again and again with 17.7. Could not make it work at all. Finally just ran OpenVPN wizard. That worked.

Quote from: tianmo on February 13, 2017, 07:26:57 PM
I follow the instructions in how to "Setup SSL VPN Road Warrior" as the link https://docs.opnsense.org/manual/how-tos/sslvpn_client.html to start a openvpn server.
And export a client for ios.then I import the client to my iphone,connect to the server successfully.everything looks fine,BUT I can't access the LAN.I input the LAN address in iphone safari ,but I can not open opnsense login page.
What is wrong?
Any help are Appreciated.
Thank you!
or,my opnsense version is 17.1.1

Since it connects, but no data is transferred, it seems like you didn't set-up the "allow" firewall rules for OpenVPN interface: even if you declare the internal network IPs for the VPN clients, a rule is still required for data to be passed to/ from connected VPN clients from/ to OPNsense and other interfaces/ networks.

Check that, and let us know if it worked.


I had exactly the same issue, having followed the same guide.  I saw the reference to the OpenVPN wizard in this post (must admit, I didn't even notice there was a wizard) and tried that, to create a 2nd OpenVPN server alongside the one I have and it's working now.

My problem was the firewall rules, I'm put them in but not quite correctly although I'm not sure why the didn't work.

I decided to change the source on the OPENVPN tab of the firewall rules to not be the actual network (10.10.0.0/24 in the example) but to replace it with the network name (OpenVPN net), this didn't work for some reason.

QuoteI decided to change the source on the OPENVPN tab of the firewall rules to not be the actual network (10.10.0.0/24 in the example) but to replace it with the network name (OpenVPN net), this didn't work for some reason.

This is true, it doesn't work if you put OpneVPN Net in the rule, it might be a bug or something, but it works with the network CIDR notation/ name.

Regarding rules, I never had connectivity problems once I paid a fair amount of attention to them.