Issues with Subnet behind UDM Pro
-
@silence
Ahh, but we are talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
-
@viragomann said in Issues with Subnet behind UDM Pro:
Ahh, but we are talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
These rules point to ip as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
-
@silence said in Issues with Subnet behind UDM Pro:
@viragomann said in Issues with Subnet behind UDM Pro:
network devices may probably block access from outside their subnet.
It is possible, but even so in your firewall rule you have nothing so I understand that this rule is not even running.
On the other hand @Misinthe shows his openvpn configuration, this would help a lot.
Thank you, I modified it.
-
@silence said in Issues with Subnet behind UDM Pro:
@viragomann said in Issues with Subnet behind UDM Pro:
Ahh, but we are talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
These rules point to ip as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
So those rules are not really being used right now because I haven't finished setting my Webhost up.
Only the OpenVPN points to 10.20.50.0, which is what I'm trying to make work, the other uses 10.30.0.50, which is a VM's IP on my DMZ host.
-
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
-
So, here are the results.
Default to Google
Default to Lan Server
OpenVPN to Google
OpenVPN to Lan Server
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
-
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
-
@Misinthe does your LAN server know how to get back to pfSense?
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
This is my media server, Emby/Plex. And yes, everything on my 10.10.0.0/24 network can reach out to the internet, that's my home's main LAN.
-
@silence said in Issues with Subnet behind UDM Pro:
@Misinthe does your LAN server know how to get back to pfSense?
What do you mean? All my networks use PfSense as DNS server, so pfBlockerNG can do its thing.
I'm starting to believe the UDMP might be the one blocking.
-
@misinthe publish your openvpn configuration.
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe publish your openvpn configuration.
Here you go
-
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a response from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
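
The capture comparison suggested above can be scripted; this is an added example, not code from the thread or from any poster. It reads `tcpdump -n` text output taken on the UDM's WAN and LAN sides and names the hop where ICMP echoes to the server stop. The sample lines and the source address 10.20.0.1 are constructed assumptions.

```python
import re

# Matches ICMP echo lines as printed by `tcpdump -n`.
ECHO = re.compile(r"IP ([\d.]+) > ([\d.]+): ICMP echo (request|reply)")

def echoes(capture_text):
    """Return the set of (kind, src, dst) tuples found in one text capture."""
    return {(m[3], m[1], m[2])
            for m in map(ECHO.search, capture_text.splitlines()) if m}

def has(packets, kind, server):
    # Requests are matched on destination and replies on source, so the
    # check still holds if NAT rewrites the pinging side's address.
    return any(k == kind and (d if k == "request" else s) == server
               for k, s, d in packets)

def locate_drop(wan_capture, lan_capture, server):
    """Name the hop where pings to `server` stop, from UDM WAN/LAN captures."""
    wan, lan = echoes(wan_capture), echoes(lan_capture)
    if not has(wan, "request", server):
        return "before-udm"    # never arrived: check route/rules on pfSense
    if not has(lan, "request", server):
        return "udm-forward"   # UDM did not pass it from WAN to LAN
    if not has(lan, "reply", server):
        return "server"        # request went out, no answer: host firewall
    if not has(wan, "reply", server):
        return "udm-return"    # reply was lost inside the UDM on the way back
    return "beyond-udm"        # UDM passed both directions: look upstream

# Constructed sample captures (not from the thread). 10.20.0.1 as the
# pfSense LAN address is an assumption; 10.10.0.5 is the media server.
WAN_SAMPLE = """\
12:00:01.000100 IP 10.20.0.1 > 10.10.0.5: ICMP echo request, id 7, seq 1, length 64
12:00:02.000100 IP 10.20.0.1 > 10.10.0.5: ICMP echo request, id 7, seq 2, length 64
"""
LAN_SAMPLE = ""  # nothing showed up on the LAN side

if __name__ == "__main__":
    print(locate_drop(WAN_SAMPLE, LAN_SAMPLE, "10.10.0.5"))
```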
-
@viragomann said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a response from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
I feel it's more the UDM blocking because I can't reach anything behind it, not just my media server.
-
@misinthe said in Issues with Subnet behind UDM Pro:
not just my media server.
MARK THIS OPTION PLEASE
Because it repeats 10.20.50.0/24 ?
-
@silence
So I did those changes but I can't test it, for some reason, I can't connect to the OpenVPN Server now. I haven't changed any setting, so I'm not sure what's going on.
Edit: So, I figured out why I couldn't connect, I lost power yesterday for a couple of hours and my ISP IP changed, so I had to redownload the VPN File, I can connect now, but it still doesn't work even with the "Force all traffic through the tunnel" enabled.
-
@misinthe said in Issues with Subnet behind UDM Pro:
Hello everyone, I am having a little issue with OpenVPN and I was hoping to get some help.
How my network is set up is, from the WAN, it goes into my PfSense firewall, then that splits into my DMZ and the other goes into a UDM Pro, which creates my main LAN for everything in my house.
On the Firewall, my networks are:
LAN - 10.20.0.0/24
DMZ - 10.30.0.0/24
OpenVPN - 10.50.0.0/24
On the UDM Pro, my networks are:
WAN (From PfSense) - 10.20.0.0/24
LAN - 10.10.0.0/24
IoT - 10.10.10.0/24
Guest - 10.10.40.0/24
My issue is, when I use the OpenVPN, I can connect fine on the 10.50.0.0/24 and I can reach the 10.20.0.0/24 network, but I can't get past that into my 10.10.0.0/24 network to access my internal servers.
I have tried adding rules into both the VPN and the UDMP firewalls but nothing seems to help.
Any ideas would be appreciated!
At the top it said your VPN network is 10.50.0.0/24, but in your OpenVPN config it has 10.20.50.0/24. I think we should start by clarifying the networks and what each one is for, then it can help you clean up and get your setting.
-
@silence
My apologies, that was my bad, here is the list of my networks.
On the pfSense:
LAN is basically just providing for the UDM Pro.
OPT1 is my DMZ.
OpenVPN is my VPN.
On the UDM Pro:
Default is my main LAN
Guest is Guest
IoT is for my IoT devices
NoT is for things I don't want to go on the internet but I need access on the network.
My UDM Pro has a WAN address of 10.20.0.5 provided by pfSense.
-
@misinthe, perfect
Now explain what you want to accomplish? and I will help you as soon as possible.
@misinthe said in Issues with Subnet behind UDM Pro:
How my network is set up is, from the WAN, it goes into my PfSense firewall, then that splits into my DMZ and the other goes into a UDM Pro, which creates my main LAN for everything in my house.
question: does your wan in pfsense by any chance have an RFC ip?
@misinthe said in Issues with Subnet behind UDM Pro:
OpenVPN is my VPN.
Why don't I see an openvpn interface?