Issues with Subnet behind UDM Pro
-
@misinthe
As I mentioned, network devices may probably block access from outside their subnet. That is the default behavior.To investigate use the Ping tool on pfSense in the Diagnostic menu to ping a device behind the UDM. Try a ping with default settings, then change the source to OpenVPN and try again.
-
@viragomann said in Issues with Subnet behind UDM Pro:
network devices may probably block access from outside their subnet.
It is possible, but even so in your firewall rule you have nothing so I understand that this rule is not even running.
On the other hand @Misinthe shows his openvpn configuration, this would help a lot.
-
@silence said in Issues with Subnet behind UDM Pro:
but even so in your firewall rule you have nothing so I understand that this rule is not even running.
So you say, allowing anything from any to any is not sufficient?
What are you missing?@Misinthe
BTW: You should modify the block DNS rule on LAN and change the protocol to TCP/UDP. DNS may possibly fallback to TCP. -
@viragomann said in Issues with Subnet behind UDM Pro:
What are you missing?
I mean these rules all 0 / 0 !
-
@silence
Ahh, but we talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here. -
@viragomann said in Issues with Subnet behind UDM Pro:
Ahh, but we talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
These rules point to ip as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
-
@silence said in Issues with Subnet behind UDM Pro:
@viragomann said in Issues with Subnet behind UDM Pro:
network devices may probably block access from outside their subnet.
It is possible, but even so in your firewall rule you have nothing so I understand that this rule is not even running.
On the other hand @Misinthe shows his openvpn configuration, this would help a lot.
Thank you, I modified it.
-
@silence said in Issues with Subnet behind UDM Pro:
@viragomann said in Issues with Subnet behind UDM Pro:
Ahh, but we talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
These rules point to ip as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
So those rules are not really being used right now because I haven't finished setting my Webhost up.
Only the OpenVPN points to 10.20.50.0, which is what I'm trying to make work, the other uses 10.30.0.50, which is a VM's IP on my DMZ host.
-
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
-
So, here are the results.
Default to Google
Default to Lan Server
OpenVPN to Google
OpenVPN to Lan Server
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
-
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
-
@Misinthe you lan server know how to get back to pfsense?
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
This is my media server, Emby/Plex. And yes, everything on my 10.10.0.0/24 network can reach out to the internet, that's my home's main LAN.
-
@silence said in Issues with Subnet behind UDM Pro:
@Misinthe you lan server know how to get back to pfsense?
What do you mean? All my networks use PfSense as DNS server, so pfBlockerNG can do it's thing.
I'm starting to believe the UDMP might be the one blocking.
-
@misinthe publish your openvpn configuration.
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe publish your openvpn configuration.
Here you go
-
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a respond from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
-
@viragomann said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a respond from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
I feel it's more the UDM blocking because I can't reach anything behind it, not just my media server.
-
@misinthe said in Issues with Subnet behind UDM Pro:
not just my media server.
MARK THIS OPTION PLEASE
Because it repeats 10.20.50.0/24 ?
