WAN on an RFC1918 address is being blocked despite unchecking checkbox

Started by keesb, February 04, 2025, 05:33:57 PM

Hi,

My setup is an OPNsense with its WAN port in a local network, 172.16.16.0/24. The LAN port is configured with its default 192.168.1.1/24.
I've created an OpenVPN server with all the bells and whistles (CA, certs, etc.).

The WAN interface definition has the "Block private network" disabled. So, I'm expecting that traffic from 172.16.16.0/24 is not blocked.

However, when a VPN client on the 172.16.16.0/24 network tries to connect it fails. In the filter log I see that incoming VPN packets on the WAN port are still being blocked.

What else do I need to do to let the VPN traffic pass?
-- Kees

Have you created a firewall rule to allow the inbound VPN connections on your WAN port? Nothing is allowed in unless there's a policy that says so.

And you might want to disable reply-to in Firewall > Settings > Advanced
If the OPN WAN GW points to another firewall, OUT traffic from WAN will be dropped by that firewall.
@dseven taught me that one.
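The two replies above, put into pf rule form as an added illustration (this is not from the thread and not OPNsense's generated rule set; the interface name em0, the upstream gateway 172.16.16.1 and UDP 1194 as the OpenVPN port are assumptions, the 172.16.16.0/24 network is the one from the original post):

```pf
# Assumed names (not from the thread): WAN interface em0, upstream gateway
# 172.16.16.1 inside the poster's 172.16.16.0/24 network, OpenVPN on its
# default port UDP 1194.
wan_if    = "em0"
wan_gw    = "172.16.16.1"
ovpn_port = "1194"

# 1. With "Block private networks" enabled, a rule of this shape sits ahead
#    of everything else, so 172.16.16.0/24 never reaches the later rules.
#    Unchecking the box only removes it; it does not add any allow rule.
# block in quick on $wan_if inet from 10.0.0.0/8     to any
# block in quick on $wan_if inet from 172.16.0.0/12  to any
# block in quick on $wan_if inet from 192.168.0.0/16 to any

# 2. WAN is default-deny: anything without an explicit pass is dropped and
#    is what the poster saw as blocked VPN packets in the filter log.
block in log on $wan_if all

# 3. The rule the thread was missing: let the VPN handshake in.
#    ($wan_if) resolves to the interface's own address at runtime.
pass in quick on $wan_if inet proto udp from 172.16.16.0/24 \
    to ($wan_if) port $ovpn_port keep state

# 4. The reply-to variant of the same rule: replies to this state are
#    forced out via $wan_gw instead of following the routing table. With
#    the client on the same subnet as the WAN port, that hands the reply to
#    the upstream firewall, which drops it, as the reply above describes.
#    Leaving reply-to disabled under Firewall > Settings > Advanced avoids it.
# pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto udp \
#     from 172.16.16.0/24 to ($wan_if) port $ovpn_port keep state
```

The block rule in step 1 is shown only to make the point that unchecking "Block private networks" removes a deny, while step 3 is the explicit allow that still has to exist; step 4 is why the state built by that allow can still fail to answer when the OPNsense sits behind another router.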

Thanks. That works now.

Thanks for the tip on the reply-to setting. Indeed I have the OPNsense behind another router/gateway. I have two use cases, one behind a FritzBox and one behind a primary OPNsense router. Both cases are working now.