All connections being directed to single IP address over OpenVPN
-
First post here. I've been using pfSense for a few years and have multiple setups in different locations running fantastically for the most part. I'll try to describe what I'm running into as best I can.
I have an issue connecting to different PCs and devices through OpenVPN.
I can connect to OpenVPN from a remote location. (connection successful in client)
I can connect to the pfSense via the IPv4 Tunnel Network IP when I connect to OpenVPN from that remote location.
On a fresh setup I can connect to a single device via its IP when I connect to OpenVPN from that remote location. (example: remote desktop -> IP address)
This is where things get strange.
Once I've connected to a device on the main network, that's the only device I can connect to no matter what IP address I try to get to. (example: remote desktop -> different IP address -> connects to the first IP address)
I played around with DNS settings and all kinds of different things but can't seem to figure this one out.
My end-goal was connecting to PCs on the main network from a remote location using their host names instead of IP addresses but at this point I'm pretty far from getting that figured out.
Has anyone else run into this?
-
Hmm, odd. Sounds like a state conflict perhaps. How are you testing?
Is pfSense the default gateway for all the local hosts you're trying to reach?
Are you NATing the traffic from OpenVPN to the local LAN?
Do you see any traffic blocked in the firewall log?
Check the state table in Diag > States when you try to connect. See where it's opening states and what it's opening.
Steve
-
@stephenw10 said in All connections being directed to single IP address over OpenVPN:
Hmm, odd. Sounds like a state conflict perhaps. How are you testing?
I connect from a remote location and try to hit devices on the main network
Is pfSense the default gateway for all the local hosts you're trying to reach?
pfSense is the only router on the main network and all DHCP and static IP addresses are handled by that. Is that what you mean?
Are you NATing the traffic from OpenVPN to the local LAN?
Hmmm, not sure exactly. I used the setup wizard.
This is what the NAT PF looks like (sorry for the redacted content, don't know what needs to be kept a secret. It's basically ports for torrents and plex and things that are disabled right now but used for testing)
Do you see any traffic blocked in the firewall log?
I don't see anything out of the ordinary but I might not know what to look for.
Check the state table in Diag > States when you try to connect. See where it's opening states and what it's opening.
Also, not sure what I'm looking for here but it looks like there are some things opening up between...
(assigned IP of remote PC) <-> (IP of OpenVPN gateway)
(assigned IP of remote PC) <-> (IP of PC on main network)
Another note:
I'm unfamiliar with how to set up proper DNS settings; that is all essentially unchanged from an out-of-the-box pfSense install.
-
I meant any outbound NAT rules you might have on LAN for traffic coming from OpenVPN.
However that port forward looks wrong. That's going to be catching all traffic coming over the VPN with a destination of any host on the LAN subnet and forwarding all of it to whatever host you have set there for the NAT IP. So that's probably the cause, disable that rule.
You don't need a port forward to access the LAN from the OpenVPN tunnel subnet; it should all be routed directly. You only need a firewall rule on the OpenVPN interface. And the hosts on LAN themselves need to allow connections from the tunnel subnet.
Steve
-
Hey Steve! That worked. I honestly don't remember setting that up. I thought it came through with the OpenVPN wizard. Thanks for all the pointers. I clearly have lots to learn.
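Steve's diagnosis (a port forward on the OpenVPN interface whose destination is the whole LAN subnet, so every VPN connection is rewritten to one NAT IP) can be confirmed from the pfSense shell without clicking through the NAT page. The script below is an added example written for this page, not code from the thread or from pfSense itself. It greps NAT rules in the pf syntax that pfSense compiles into /tmp/rules.debug (and that `pfctl -sn` prints for the loaded rules), flagging `rdr` rules that redirect an entire network with no destination port. The interface names (em0 for WAN, the openvpn interface group), the 192.168.1.0/24 LAN, the 10.8.0.0/24 tunnel network and the 192.168.1.50 target are assumptions, and the sample rulesets are constructed to look like pfSense output.

```shell
#!/bin/sh
# Added example, not from the thread: find a pfSense port forward that
# redirects a whole subnet to a single host, the rule behind the symptom
# "every IP I try over the VPN lands on the same PC".
#
# pfSense writes its NAT rules in pf syntax to /tmp/rules.debug, and
# "pfctl -sn" prints the loaded NAT (rdr/nat) rules. The rules below are
# CONSTRUCTED to mimic that output; interfaces and addresses are assumed.

SAMPLE_NAT='
# WAN port forward for Plex: one public IP, one port -> harmless
rdr on em0 proto tcp from any to 203.0.113.10 port 32400 -> 192.168.1.50
# Port forward on the OpenVPN group with destination "LAN net" and no port:
# every VPN packet to any LAN host is rewritten to 192.168.1.50
rdr on openvpn proto tcp from any to 192.168.1.0/24 -> 192.168.1.50
rdr on openvpn proto udp from any to 192.168.1.0/24 -> 192.168.1.50
'

# The same NAT table after the two OpenVPN rules are disabled. Reaching the
# LAN from the tunnel then needs only a filter (pass) rule on the OpenVPN
# interface, e.g. as pfSense would emit it (assumed tunnel 10.8.0.0/24):
#   pass in quick on openvpn inet from 10.8.0.0/24 to 192.168.1.0/24 keep state
# plus host firewalls on the LAN side allowing 10.8.0.0/24.
SAMPLE_FIXED='
rdr on em0 proto tcp from any to 203.0.113.10 port 32400 -> 192.168.1.50
'

# catchall_rdr: read pf rules on stdin and print rdr rules whose destination
# is a network (prefix shorter than /32) and that name no destination port.
# Such a rule matches every packet to that subnet, not one service.
catchall_rdr() {
  grep -E '^rdr ' |
    grep -E ' to [0-9.]+/([0-9]|[12][0-9]|3[01]) ' |
    grep -Ev ' port [0-9]+'
}

# count_catchall: number of catch-all rdr rules in the rules on stdin
count_catchall() {
  catchall_rdr | grep -c '' || true
}

main() {
  echo "Catch-all redirects in the broken ruleset:"
  printf '%s\n' "$SAMPLE_NAT" | catchall_rdr
  echo "Catch-all redirects after disabling them: $(printf '%s\n' "$SAMPLE_FIXED" | count_catchall)"
}
main
```

On a live pfSense box the same function can be pointed at the real rules with `pfctl -sn | catchall_rdr` or `catchall_rdr < /tmp/rules.debug`; an empty result means no port forward is swallowing the tunnel traffic, and the next thing to look at is Diag > States (`pfctl -ss` from the shell) to see which LAN address the tunnel client's connections actually open states to.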