OPENVPN lan accessing connected clients
-
I searched the forum and Google but I couldn't find material on the subject.
I have an OpenVPN server working for external client access.
Everything works perfectly. The network that clients receive from the tunnel is 192.169.12.0/24
and when the clients are connected they have full access to all equipment on my LAN where the server is: 192.168.12.0/24
that is, access cameras, Windows shares and printers.
I would like to know if it is possible to do the opposite. If a VPN client is connected and receiving, for example, the IP 192.169.12.2, would I be able to access its shared resources?
I made several attempts at firewall rules, but I can't ping the OpenVPN clients from any machine on the LAN.
Now if I perform the ping from pfSense itself, it returns.
Can anybody help me?
Thank you very much in advance.
-
@deivison90
I guess the client's OS might block access from other subnets. You have to configure its firewall to allow it. Another solution is to masquerade the traffic to the clients by an outbound NAT rule on pfSense.
-
@deivison90 said in OPENVPN lan accessing connected clients:
If a VPN client is connected and receiving, for example, the IP 192.169.12.2, would I be able to access its shared resources?
Once a VPN is connected, it's just like any other IP path. What you can do is determined by the routes and firewall rules. If there's just a single computer at the other end of the VPN, then pfSense should already know the route. If there's another network, then it wouldn't know about it.
-
@viragomann How may I do this?
-
@JKnott I guess I didn't understand you. So a connected VPN client computer has access to the local LAN, but the local LAN can't?
-
@deivison90 said in OPENVPN lan accessing connected clients:
@viragomann How may I do this?
I guess you're talking about the masquerading?
The network that clients receive from the tunnel is 192.169.12.0/24
and when the clients are connected they have full access to all equipment on my LAN where the server is: 192.168.12.0/24
192.168.12.0/24 is your LAN and the tunnel as well? That would mean your OpenVPN server is running in tap mode?
-
@viragomann said in OPENVPN lan accessing connected clients:
your OpenVPN server is running in tap mode?
Yes, I've just followed a simple tutorial about OpenVPN with client access in pfSense, and it works fine. My doubt is just to access the reverse site, from my LAN to a connected client.
-