Netgate Discussion Forum
    VLANs and VPN

    Firewalling
    11 Posts 3 Posters 793 Views
    • rcoleman-netgate (Netgate) @natethegreat21

      @natethegreat21 how are you validating the traffic is clearing? Is it a ping? What's the source? Best bet is to find one spot, make it stop working, and then work from there (by duplicating/expanding rules).

      Rules are also run from top to bottom.

      Personally I would avoid Floating rules unless you absolutely have to have them. They wreak havoc on systems.

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      • natethegreat21 @rcoleman-netgate

        @rcoleman-netgate I am trying to RDP and ping the servers/VMs from a hotspot, and I tried at my office, but no luck. I will disable the floating rules and see if that helps.

        • rcoleman-netgate (Netgate) @natethegreat21

          @natethegreat21 Check packet captures, too, Windows Firewall is a royal PITB at times. I've seen networks from VPNs get rejected because they're not part of the local LAN.

          • natethegreat21 @rcoleman-netgate

            @rcoleman-netgate I will take a packet capture. Do you think I need to allow the OpenVPN port in Windows Firewall?

            • rcoleman-netgate (Netgate) @natethegreat21

              @natethegreat21 No, just run the test without changing Windows. Verify the traffic is going in the OVPN interface, then out the proper internal interface on the pfSense. If it is exiting the pfSense on the internal interface the issue is not related to pfSense.

              • Jarhead @natethegreat21

                @natethegreat21
                Just to add, all the rules with the vpn network as source are useless. That network will never be a source on your LAN, WAN, or any other VLAN.

                • natethegreat21 @Jarhead

                  @jarhead Thank you for the heads up. What's the best way to allow my VPN connection to have access to all VLANs?

                  • rcoleman-netgate (Netgate) @natethegreat21

                    @natethegreat21 Your VPN should have the networks all declared (local networks in OVPN, P2s in IPsec).

                    Then you need to grant access on each interface for the VPN Network

                    • natethegreat21 @rcoleman-netgate
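The two points made above, that rules are evaluated top to bottom on the interface a packet enters and that "OpenVPN net" as a source on a LAN or VLAN tab can never match, are easier to see with a toy first-match evaluator. This is an added example written for this page; it is not code from the thread, from Netgate or from pfSense, and the tunnel network (10.8.0.0/24), the VLAN20 and LAN ranges, the interface tab names and every rule below are constructed assumptions, not the poster's real setup.

```python
"""Toy model of how pfSense applies firewall rules (added example, not the
thread's or pfSense's own code). Rules are evaluated only on the interface a
packet ENTERS, top to bottom, first match wins, implicit default deny.
All addresses, interface names and rules below are constructed for the demo.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing (assumption, not the poster's real layout)
OPENVPN_NET = "10.8.0.0/24"      # OpenVPN tunnel network
LAN_NET = "192.168.1.0/24"
VLAN20_NET = "192.168.20.0/24"   # VLAN holding the RDP servers
RDP = 3389


@dataclass(frozen=True)
class Packet:
    in_iface: str    # interface the packet arrives on (its ingress interface)
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any" and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(rulesets: dict[str, list[Rule]], pkt: Packet) -> tuple[str, str]:
    """Walk the rule tab of the packet's ingress interface, top to bottom.
    Returns (verdict, reason). Rule tabs of other interfaces are never
    consulted for this packet, and nothing matching means default deny."""
    for idx, rule in enumerate(rulesets.get(pkt.in_iface, []), start=1):
        if rule.matches(pkt):
            return rule.action, f"{pkt.in_iface} rule #{idx}"
    return "block", f"default deny on {pkt.in_iface}: no rule matched"


# A VPN client trying RDP against a server on VLAN20. The packet comes out of
# the tunnel, so its ingress interface is the OpenVPN interface, not VLAN20.
RDP_FROM_VPN = Packet("openvpn", "10.8.0.2", "192.168.20.10", RDP)

# Mistake from the thread: "OpenVPN net" as SOURCE on the VLAN/LAN tabs.
# Those tabs only see packets entering from VLAN20/LAN, whose source is
# that VLAN/LAN, so these rules can never match a tunnel client.
WRONG_RULESETS = {
    "vlan20": [Rule("pass", OPENVPN_NET, VLAN20_NET)],
    "lan": [Rule("pass", OPENVPN_NET, LAN_NET)],
    "openvpn": [],
}

# Fix: the pass rules belong on the OpenVPN tab, one per destination network
# the tunnel clients may reach. Replies ride the state pf created, so no
# rule is needed on VLAN20 or LAN for the return traffic.
CORRECT_RULESETS = {
    "openvpn": [
        Rule("pass", OPENVPN_NET, VLAN20_NET, RDP),
        Rule("pass", OPENVPN_NET, LAN_NET, RDP),
    ],
    "vlan20": [],
    "lan": [],
}

# Ordering matters: a broad block placed above the pass rule shadows it.
SHADOWED_RULESETS = {
    "openvpn": [
        Rule("block", OPENVPN_NET, "any"),
        Rule("pass", OPENVPN_NET, VLAN20_NET, RDP),  # never reached
    ],
}

if __name__ == "__main__":
    for name, rs in (("wrong", WRONG_RULESETS), ("correct", CORRECT_RULESETS),
                     ("shadowed", SHADOWED_RULESETS)):
        print(f"{name:9} -> {evaluate(rs, RDP_FROM_VPN)}")
```

Run it and the "wrong" set ends in default deny on the OpenVPN tab, because the VLAN20 and LAN tabs are simply never consulted for a packet arriving from the tunnel; the "correct" set passes on the first OpenVPN rule; the "shadowed" set shows the top-to-bottom point, with the block above the pass winning. The model leaves out floating rules and the rest of pf's matching, which is deliberate: the placement mistake is visible without them.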

                      @rcoleman-netgate Okay, so I found the issue: Snort was blocking the IP I'm using for port scanning.

                      • natethegreat21 @rcoleman-netgate

                        @rcoleman-netgate I found from the logs that it thought I was a bot scanning the network. I really appreciate all the help you guys have given, thank you so much!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.