OpenVPN Peer-to-Peer (SSL/TSL) - unable to ping from Server LAN to Client LAN

[ErAzOr]

Hi,

I successfully esteblished a connection between my home LAN (10.0.1.0/24) and my LAN on esxi host (10.0.3.0/24) by OpenVPN, where OPNsense on esxi acts as OpenVPN Server.

from all my clients on home LAN I can access all clents on esxi without problems.
My problem is, that I'm unable to access my Clients on home LAN from OPNsense directly, or the clients behind.

For example: When I try to ping a (home) client directly on OPNsense shell, I get no response.

I think my routing table seems to be fine:
ipv4   default   88.99.181.161   UGS   16557350   1500   em0   wan   
ipv4   10.0.1.0/24   10.0.100.2   UGS   1189   1500   ovpns1   OpenVPN_Site_To_Site   
ipv4   10.0.3.0/24   link#2   U   46533350   1500   em1   LAN   
ipv4   10.0.3.1   link#2   UHS   0   16384   lo0       
ipv4   10.0.100.0/24   10.0.100.2   UGS   41400   1500   ovpns1   OpenVPN_Site_To_Site   
ipv4   10.0.100.1   link#8   UHS   0   16384   lo0       
ipv4   10.0.100.2   link#8   UH   0   1500   ovpns1   OpenVPN_Site_To_Site

I don't see any blocked packets in my firewall logs.

Does anyone have an idea, what's wrong?

[kug1977]

Hi,

on IPsec you have to make sure, that you use a Source IP if the OPNsense Interface that is part of your tunnel, to make the packages travel through the tunnel:

ping -S <IP OPNsense tunnel Interface> <home client>

else the packages with a private IP travel outside of the tunnel and will be blocked on the next hop behind WAN.

King regards,
Kay-Uwe Genz