Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
[SOLVED] Is an OpenVPN client configuration required?
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: [SOLVED] Is an OpenVPN client configuration required? (Read 11058 times)
seamus
Jr. Member
Posts: 80
Karma: 1
[SOLVED] Is an OpenVPN client configuration required?
«
on:
February 15, 2018, 07:28:48 am »
Still working through the SSL VPN setup "How-To" guide (
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
).
Trying to follow the guide in Step 2, "Firewall Rules" - to allow traffic from the VPN clients to the LAN interface. Specifically, in the rule for the OpenVPN interface, it seems that I'm missing something because I do not see an "OpenVPN Clients" option in the drop-down for that firewall rule (as shown in the "How-To guide"); all I get is the phrase "Nothing Selected".
Could it be that the guide has omitted a step for creating an OpenVPN client?
«
Last Edit: February 21, 2018, 11:22:02 pm by seamus
»
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #1 on:
February 15, 2018, 08:05:25 am »
Could be an out of date doc. Are you running Opnsense 17 or 18?
BTW, it's often easier, unless you have some really complex OpenVPN setup to use the wizard to do all the work for you.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #2 on:
February 15, 2018, 08:33:29 am »
Sorry, here's my version info:
OPNsense 18.1.2_2-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017
Re "wizards": Perhaps that is easier, but wizards in general have not served me well. I thought the advantage of following the How-To would be to gain a better "feel" for how things are organized... a learning opportunity, if you will.
Anyway - I pressed ahead with things, ignoring the difference I noted, and found I actually can connect to my OpenVPN server! Next problem is figuring out how to actually connect to resources on the network from my client machine. The client machine's IP is 10.10.0.6, and my LAN is 192.168.1.0/24... so there must be another step (or two) required to route my packets to their destination on the LAN.
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #3 on:
February 15, 2018, 08:41:19 am »
Just have a default OpenVPN rule IPv4 Any to Any and the same for the LAN rule.
What you could do is run the wizard and note the differences.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #4 on:
February 15, 2018, 09:21:28 pm »
Thanks for your suggestions. I've attached screenshots of my OpenVPN and LAN firewall rules. Does anything in these rulesets look incorrect/incomplete?
It seems I get a successful connection to the firewall from my "Road Warrior" laptop, but then I'm sitting there with this IP address (10.10.0.6) that won't route on the local network.
And which wizard are you talking about? the OpenVPN Server wizard, or one of the others? Is this what people here use - the wizards?
Logged
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #5 on:
February 15, 2018, 09:22:32 pm »
Needed a second reply to get the 2nd screenshot
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #6 on:
February 15, 2018, 09:40:40 pm »
People round here use whatever they like, some will write it all manually, some will use the wizard and some will do a bit of both, that's what I do.
Change your rules source from lan.net to any, that should fix you. The Lan.net will only allow that network, e.g. 192.168.1.0/24, you want to allow all networks that are Lan side to talk to each other.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #7 on:
February 15, 2018, 10:28:56 pm »
Thanks again, but there's still something missing. I've attached a copy of the fw ruleset change - is this what you meant?
Logged
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #8 on:
February 15, 2018, 10:30:02 pm »
And here's a shot of the connection status, if that's of any use
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #9 on:
February 15, 2018, 10:36:34 pm »
Have you also checked the rules for the VPN itself?
same principle applies
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #10 on:
February 15, 2018, 10:40:24 pm »
Oh, a few other items that might be relevant:
1. Cannot ping anything on the LAN (192.168.1.0/24)
2. I can reach hosts outside the LAN! (e.g. google.com)
3. I've set up this fw to use DNS forwarding - not the DNS resolver (why? I've always done it this way, and it's always worked well as I have a Windows DC on the LAN.
Logged
seamus
Jr. Member
Posts: 80
Karma: 1
Re: Is an OpenVPN client configuration required?
«
Reply #11 on:
February 15, 2018, 10:43:07 pm »
Quote from: marjohn56 on February 15, 2018, 10:36:34 pm
Have you also checked the rules for the VPN itself?
same principle applies
Here's my VPN ruleset...
Logged
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #12 on:
February 15, 2018, 10:51:55 pm »
Here's a quickie, your 'Road Warrior' laptop, apart from it's VPN connection, what other connections does it have, i.e. has it got the same LAN range as the opnsense LAN?
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #13 on:
February 15, 2018, 10:53:52 pm »
Are you also seeing these..
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
marjohn56
Hero Member
Posts: 1701
Karma: 179
Re: Is an OpenVPN client configuration required?
«
Reply #14 on:
February 15, 2018, 10:57:27 pm »
OpenVPN Rule generated by the wizard.
Logged
OPNsense 24.7
-
Qotom Q355G4
- ISP -
Squirrel 1Gbps
.
Team Rebellion Member
- If we've helped you remember to applaud
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
[SOLVED] Is an OpenVPN client configuration required?