If openvpn starts on OPT1 - LAN interface loses internet

Started by gg901, February 16, 2025, 01:33:27 AM

Hi, I'm new to this community.

I have a physical OPNsense box.
The router is connected to the WAN port (igc1) in DHCP mode.
LAN = igc0 (192.168.0.5 /24)
OPT1 = igc2 (192.168.15.1 /24)

OPNsense Client (legacy): the OPT1 interface is selected, with all the required settings.

Connection Status shows as connected.

Anything connected to LAN goes down: no internet access. When I disable the OPNsense client, everything works again.


The LAN interface should not be affected if the OpenVPN client is configured to the OPT1 interface.

I tried to do a firewall rule from OPT1 net to WAN_GW to pass, but it didn't do anything.

Any help would be appreciated to understand why LAN is affected by this. Forgive me, I have less than 10 hours' experience in this.




Specifying an interface doesn't do what you think it does. It (optionally) specifies the interface (actually the IP address) that OpenVPN uses to talk to the peer (server).

What's likely happening is that your VPN server is advertising a default route, so once the VPN is up, everything will get routed through the VPN, but you probably don't have firewall routes and/or outbound NAT to make that work.

If you want the VPN to apply to only hosts on your "OPT1" network, see: https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

P.S. that doc is for Wireguard, but the same approach applies for OpenVPN (the significant option is "Don't add/remove routes")
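
A quick way to confirm the diagnosis in the reply above, as an added example that is not part of the original thread: the function below scans FreeBSD `netstat -rn -f inet` output for catch-all routes (a replaced `default`, or the `0.0.0.0/1` + `128.0.0.0/1` pair that OpenVPN's `redirect-gateway def1` installs) that point into a tunnel interface. The interface name `ovpnc1`, the tunnel gateway `10.8.0.1` and the WAN gateway `192.168.1.1` in the sample tables are assumptions constructed for illustration; only the LAN and OPT1 subnets come from the thread.

```shell
#!/bin/sh
# Added example: flag routes that send all IPv4 traffic into an OpenVPN tunnel.
# Real use on the firewall:  netstat -rn -f inet | vpn_catchall_routes
# Assumption: client tunnel interfaces are named ovpnc<N> (tun<N> also matched).

vpn_catchall_routes() {
    awk '
        # Destinations that cover the whole IPv4 space:
        #   default                   - default gateway replaced by the VPN
        #   0.0.0.0/1 and 128.0.0.0/1 - pair added by "redirect-gateway def1"
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            netif = $4   # FreeBSD columns: Destination Gateway Flags Netif
            if (netif ~ /^(ovpnc|tun)[0-9]+$/) {
                printf "%s via %s dev %s\n", $1, $2, netif
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }   # 0 = tunnel owns a catch-all route
    '
}

# Constructed sample: routing table after the server pushed a default route.
SAMPLE_VPN_UP='Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
default            192.168.1.1        UGS        igc1
10.8.0.0/24        link#9             U        ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.0.0/24     link#1             U          igc0
192.168.15.0/24    link#3             U          igc2'

# Constructed sample: same box with "Don't add/remove routes" enabled.
SAMPLE_NOPULL='Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS        igc1
10.8.0.0/24        link#9             U        ovpnc1
192.168.0.0/24     link#1             U          igc0
192.168.15.0/24    link#3             U          igc2'

if printf '%s\n' "$SAMPLE_VPN_UP" | vpn_catchall_routes; then
    echo "Tunnel carries all traffic, LAN (192.168.0.0/24) included"
fi
if ! printf '%s\n' "$SAMPLE_NOPULL" | vpn_catchall_routes; then
    echo "No catch-all route in the tunnel; WAN default is still in effect"
fi
```

If the first case matches on the real box, LAN traffic is being routed into the tunnel without matching firewall rules or outbound NAT, which is the failure described in the reply.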