Issues with Subnet behind UDM Pro
-
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
-
So, here are the results.
Default to Google
Default to Lan Server
OpenVPN to Google
OpenVPN to Lan Server
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
Thank you, I modified it.
Do not forget to like the comment, which helped you solve your problem. Thank you
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
-
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
-
@Misinthe you lan server know how to get back to pfsense?
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
Excellent, now we can go step by step: this server 10.10.0.5 what is it? and from it you can reach 8.8.8.8 ?
This is my media server, Emby/Plex. And yes, everything on my 10.10.0.0/24 network can reach out to the internet, that's my home's main LAN.
-
@silence said in Issues with Subnet behind UDM Pro:
@Misinthe you lan server know how to get back to pfsense?
What do you mean? All my networks use PfSense as DNS server, so pfBlockerNG can do it's thing.
I'm starting to believe the UDMP might be the one blocking.
-
@misinthe publish your openvpn configuration.
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe publish your openvpn configuration.
Here you go
-
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a respond from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
-
@viragomann said in Issues with Subnet behind UDM Pro:
@misinthe said in Issues with Subnet behind UDM Pro:
So, here are the results.
So as you see, you don't get a respond from the server, even if the static route points to the UDM.
So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself.
Remember what I said about the operating system firewall beginning with my first here.
I feel it's more the UDM blocking because I can't reach anything behind it, not just my media server.
-
@misinthe said in Issues with Subnet behind UDM Pro:
not just my media server.
MARK THIS OPTION PLEASE
Because it repeats 10.20.50.0/24 ?
-
@silence
So I did those changes but I can't test it, for some reason, I can't connect to the OpenVPN Server now. I haven't changed any setting, so I'm not sure what's going on.Edit: So, I figured why I couldn't connect, I lost power yesterday for a couple of hours and my ISP IP changed, so I had to redownload the VPN File, I can connect now, but it still don't work even with the "Force all traffic through the tunnel" enabled.
-
@misinthe said in Issues with Subnet behind UDM Pro:
Hello everyone, I am having a little issue with OpenVPN and I was hoping to get some help.
How my network is set up is, from the WAN, it goes into my PfSense firewall, then that splits into my DMZ and the other goes into a UDM Pro, which creates my main LAN for everything in my house.
On the Firewall, my networks are:
LAN - 10.20.0.0/24
DMZ - 10.30.0.0/24
OpenVPN - 10.50.0.0/24On the UDM Pro, my networks are:
WAN (From PfSense) - 10.20.0.0/24
LAN - 10.10.0.0/24
IoT - 10.10.10.0/24
Guest - 10.10.40.0/24My issue is, when I use the OpenVPN, I can connect fine on the 10.50.0.0/24 and I can reach the 10.20.0.0/24 network, but I can't get past that into my 10.10.0.0/24 network to access my internal servers.
I have tried adding rules into both the VPN and the UDMP firewalls but nothing seems to help.Any ideas would be appreciated!
at the top it said your vpn network is: 10.50.0.0/24 but in your openvpn config it has 10.20.50.0/24 I think we should start by clarifying the networks and what each 1 is for then it can help you clean up and get your setting.
-
@silence
My apologies, that was my bad, here is the list of my networks.
On the pfSense:
LAN is basically just providing for the UDM Pro.
OPT1 is my DMZ.
OpenVPN is my VPN.
On the UDM Pro:
Default is my main LAN
Guest is Guest
IoT is for my IoT devices
NoT is for things I don't want to go on the internet but I need access on the network.
My UDM Pro has a WAN address of 10.20.0.5 provided by pfSense.
-
@misinthe, perfect
Now explain what you want to accomplish? and I will help you as soon as possible.@misinthe said in Issues with Subnet behind UDM Pro:
How my network is set up is, from the WAN, it goes into my PfSense firewall, then that splits into my DMZ and the other goes into a UDM Pro, which creates my main LAN for everything in my house.
question: does your wan in pfsense by any chance have an RFC ip?
@misinthe said in Issues with Subnet behind UDM Pro:
OpenVPN is my VPN.
Why don't I see an openvpn interface?
-
@silence said in Issues with Subnet behind UDM Pro:
@misinthe, perfect
Now explain what you want to accomplish? and I will help you as soon as possible.I just want to be able to VPN into the network inside the UDM Pro, with Open VPN, I am able to get into the 10.20.50.0 network, which is in the pfSense, but I cannot reach my 10.10.0.0 network from it.
question: does your wan in pfsense by any chance have an RFC ip?
I am not sure about this one, how can I verify this?
Why don't I see an openvpn interface?
I don't know, I used the Wizard to create the OpenVPN Server. This is how it looks. Maybe because it uses the WAN interface?
-
@misinthe
There is no special VPN interface needed for your purposes.What is about filter rule on the UDM? Don't you know, how to configure it?
You obviously cannot get from the UDM WAN to its LAN. So you may have to allow it.For testing again, you can connect a PC to the UDMs WAN 10.20.0.0/24. Configure its network interface IP manually and set the UDMs WAN IP as gateway. Then check if you can access a device in the UDMs LAN.
From all you wrote here, I assume, you will not be able to. So the UDM blocks the access and there is nothing you can do on pfSense to resolve this. -
@viragomann said in Issues with Subnet behind UDM Pro:
@misinthe
There is no special VPN interface needed for your purposes.What is about filter rule on the UDM? Don't you know, how to configure it?
You obviously cannot get from the UDM WAN to its LAN. So you may have to allow it.For testing again, you can connect a PC to the UDMs WAN 10.20.0.0/24. Configure its network interface IP manually and set the UDMs WAN IP as gateway. Then check if you can access a device in the UDMs LAN.
From all you wrote here, I assume, you will not be able to. So the UDM blocks the access and there is nothing you can do on pfSense to resolve this.That's what I was thinking, The UDMP has to be blocking something, but I've added a rule on Internet In, Internet Local, LAN In and LAN Local to allow traffic coming from 10.20.50.0 and it still won't work.
-
@misinthe said in Issues with Subnet behind UDM Pro:
but I've added a rule on Internet In, Internet Local, LAN In and LAN Local to allow traffic coming from 10.20.50.0 and it still won't work
Not even from 10.20.50.0/24 like ping from pfSense?
Consider that access from the VPN client has an IP out of its tunnel network pool as source, so it's from outside of 10.20.50.0/24 and won't be covered by this rule.
However, I'm still suspecting that the LAN PC is blocking access from outside. To check this out, allow another subnet behind the UDM to access the LAN and try to access from a device within this subnet.