Author Topic: SSL VPN  (Read 8228 times)

zanga

SSL VPN
« on: December 08, 2017, 09:38:18 pm »
Hello,

I followed this guide; however, on Step 2 - Firewall Rules - allow traffic from the VPN clients to our LAN interface, I don't see the OpenVPN clients drop-down mentioned in that screenshot.

WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP
VPN has 10.10.0.0/24

The VPN connection is established, I get a 10.10.0.x IP, but I can't reach any of the 192.168.2.x IPs from the LAN.

Any idea what I might be missing?
Thank you!

fabian

Re: SSL VPN
« Reply #1 on: December 08, 2017, 09:39:28 pm »
A pass firewall rule maybe?

xinnan

Re: SSL VPN
« Reply #2 on: December 09, 2017, 12:54:06 am »
If there is no "pass any" rule for the VPN you can have problems.

Also, with IPs like:

WAN has a 192.168.1.0/24 IP (will be moved to a real IP)
LAN has 192.168.2.0/24 IP

You can have problems if you are trying to access the VPN from another network that includes 192.168.1.0/24 IP.

You probably already know this, but let's say you are at your friend's house or some office and the network there is 192.168.1.0/24 IP.

Then you access your VPN remotely.

And you try to go to the remote 192.168.1.0/24 IP network.  Odds are it either won't work at all or will work only intermittently.  I wouldn't use 192.168.1.0/24 IP for anything ever.  Not even for testing. 
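An added example, not part of xinnan's post or the OPNsense documentation: a Python check for the subnet overlap described in the reply above, using the thread's addresses. The function names, the client-side addresses and the tie-break (a directly connected route beats a VPN route of equal prefix length) are assumptions made for illustration.

```python
import ipaddress

# Firewall-side addressing as given in the thread.
SITE_NETS = {
    "WAN": "192.168.1.0/24",
    "LAN": "192.168.2.0/24",
    "VPN tunnel": "10.10.0.0/24",
}


def find_conflicts(client_local_nets, site_nets=SITE_NETS):
    """List (site name, site net, client net) for every overlap between a
    network the client is attached to and a network on the firewall side."""
    conflicts = []
    for name, site in site_nets.items():
        site_net = ipaddress.ip_network(site)
        for local in client_local_nets:
            # strict=False accepts a host address such as 192.168.1.57/24
            local_net = ipaddress.ip_network(local, strict=False)
            if site_net.overlaps(local_net):
                conflicts.append((name, str(site_net), str(local_net)))
    return conflicts


def route_for(dest, client_local_nets, vpn_routes):
    """Simplified longest-prefix-match model of the client's routing table.
    Returns "local", "vpn" or "default" for the destination address.
    Assumption: on equal prefix length the connected (local) route wins."""
    dest_ip = ipaddress.ip_address(dest)
    candidates = []
    for via, nets in (("local", client_local_nets), ("vpn", vpn_routes)):
        for n in nets:
            net = ipaddress.ip_network(n, strict=False)
            if dest_ip in net:
                candidates.append((net.prefixlen, via == "local", via))
    return max(candidates)[2] if candidates else "default"


if __name__ == "__main__":
    # Constructed scenario: the client sits on a 192.168.1.0/24 network
    # and the VPN routes both firewall-side 192.168.x.0/24 networks.
    client = ["192.168.1.57/24"]
    vpn = ["192.168.1.0/24", "192.168.2.0/24"]
    for conflict in find_conflicts(client):
        print("overlap:", conflict)
    for dest in ("192.168.1.10", "192.168.2.10"):
        print(dest, "->", route_for(dest, client, vpn))
```

Traffic that resolves to "local" never enters the tunnel, which is why an overlapping subnet looks like a firewall rule problem from the client side.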

zanga

Re: SSL VPN
« Reply #3 on: December 09, 2017, 09:01:16 am »
Thank you for your replies!

I thought the pass rule is the one on step 2
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
The one for the LAN interface.
Is there another one that's missing?

You are correct with the 192.168.1.0 network, indeed it's only used for testing and the odds are this might actually be the issue if the pass rule is already there.

xinnan

Re: SSL VPN
« Reply #4 on: December 09, 2017, 10:33:47 am »
There should be 1 rule added on the WAN to allow outside access to the VPN.

1 rule added on the VPN interface to allow access to "ANY/ALL".

And your LAN should have already had an allow all rule.

If you did all that, it may be a conflict caused by that often used subnet.

zanga

Re: SSL VPN
« Reply #5 on: December 10, 2017, 11:06:59 am »
I added the VPN access rule on the WAN ANY/ALL 1194.
And on the VPN tab permit from the 10.10.0.0/24 to all.

The guide doesn't mention anything on the LAN tab.

Also, for some reason I don't see that OpenVPN clients drop down.
