OPNsense with one LAN interface and ping over local network.

[miketk]

Hello everyone.

I have a slightly strange use of OPNsense. I use it not as a gateway, but as an OpenVPN server. Other devices act as gateways, forwarding the ports I need to OPNsense. That's not the point. Everything works well enough and has been implemented several times.

There is another problem. I configure a machine with one interface. This is a LAN interface. I define the default gateway on the same interface. After configuring, this machine is not accessible from the LAN via ping. Nothing helps except disabling the firewall. In the new installation, I need to use NAT, and accordingly I cannot completely disable the firewall.

Adding rules to the firewall does not change anything. In debugging, I see packets coming to opnsense from the correct address, but I do not see packets going back. I understand that my usage format is strange. But I still wait for any advice, except for making opnsense a router, since I am not a network administrator and cannot do this physically.

[bartjsmit]

Can you configure OpenVPN with a TAP interface? That makes the tunnel part of the LAN and you don't need routing, firewall rules or NAT.

[Patrick M. Hausen]

Firewall > Settings > Advanced > Disable reply-to ;-)

Also disable NAT globally just to make sure.

[miketk]

Unfortunately, I need routing and NAT, I can't turn off TUN or NAT. Although the command "sudo pfctl -d" fixes the behavior and pings go, but it doesn't work, I need NAT. Any other ideas on how to change the behavior of opsense?

[Patrick M. Hausen]

As I wrote:

Firewall > Settings > Advanced > Disable reply-to

[miketk]

Thank you. The problem was solved by adding a second interface, allowing pings, running the master through the initial one and enabling the last recommended option that you sent. Thank you.