Cannot ping anything on the LAN from OpenVPN client

Started by iulian.dragomir, Today at 08:23:07 AM

Hello kind people,

I am trying to move away from a different commercial firewall with bad support - to OPNsense - but in order to do that, I need to have a fully functional solution. I am not an expert in routing/firewalls or OPNsense; I did set up an OpenVPN box back in the day, but that pretty much sums up my experience with said solution.

My current setup is the following:

WAN1 - IP address x.x.x.x
WAN2 - IP address y.y.y.y
LAN - IP address for the LAN interface - 192.168.0.223 netmask 255.255.248.0
OpenVPN clients subnet 10.212.135.0/24

I have (or I think I have) a working WAN failover setup, with WAN1 being the main and WAN2 being the backup. I didn't get to test this scenario fully, as I have only removed WAN1 from the working firewall and connected it to the OPNsense box, and left WAN2 - the secondary connection - in the working firewall. But the internet works just fine, with just WAN1 being connected right now.

So, I set up an OpenVPN server and I have managed to connect to it. From the connected PC (over OpenVPN) I can ping the gateway 10.212.135.1, which is assigned to the other end of the VPN on the server, and I can ping the LAN interface of the OPNsense box, which is 192.168.0.223, but I cannot ping/access anything else on the network 192.168.0.0/255.255.248.0. Also, from a PC on the network, I can ping the OPNsense box IP, but I cannot ping anything on the 10.212.135.0 subnet. On the connected client I can see the route pushed (I hope it's the correct one though):

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.100     192.168.1.16     25
          0.0.0.0        128.0.0.0     10.212.135.1     10.212.135.2    257
     10.212.135.0    255.255.255.0         On-link      10.212.135.2    257
     10.212.135.2  255.255.255.255         On-link      10.212.135.2    257
   10.212.135.255  255.255.255.255         On-link      10.212.135.2    257

I will attach the firewall rules below, as I suspect that is where I have missed something, and I need help with that.

Could anyone please give me an idea of what I am doing wrong?

Thank you,

Iulian