Netgate Discussion Forum

    OpenVPN on Pfsense Can Access the Netgate but no Other Resources on the LAN

    • C Offline
      ccgc
      last edited by

      Greetings,

      I am a volunteer with a small non-profit charged with securing our network. I am new to pfsense and in need of help.

      I have created an openVPN on my Netgate 2100.
      My laptop (at a remote location) is on a 192.168.1.0/24
      The OpenVPN Tunnel is on 192.168.60.0
      The Netgate LAN is 192.168.10.1/24

      I can remotely connect to the Netgate at 192.168.10.1, but nothing else on the 192.168.10.xxx subnet.

      Here are screenshots of my rules

      Screenshot OpenVPN rules.png Screenshot WAN rules.jpg Screenshot LAN rules.jpg

      I am sure I am missing something obvious, but I cannot figure it out. Assistance will be greatly appreciated!

      Best,
      Leon

      • johnpozJ Online
        johnpoz LAYER 8 Global Moderator @ccgc
        last edited by

        @ccgc And what about what you're trying to talk to? Do they run a firewall? Do they allow this 192.168.60/24 network? Do they point back to pfsense as their gateway?

        These are 2 things that would cause your problem.

        Either of them can normally be worked around by doing an outbound nat on your lan so that the device you're talking to thinks it is the pfsense IP address on the lan, ie 192.168.10.1

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        • C Offline
          ccgc
          last edited by

          I guess I didn't make myself very clear.
          I need to be able to remotely connect to devices on their network.

          Yes, "they" have a firewall. "That firewall" is what I am attempting to configure.

          I have built the OpenVPN tunnel on 192.168.60/24 on the Netgate pfsense, so yes, they allow it.

          And I can connect to 192.168.10.1 (the netgate pfsense) on "their" network so I am getting into their network, but I can't connect to any other devices on the 192.168.10.0/24 network and that is the problem.

          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator @ccgc
            last edited by johnpoz

            @ccgc I guess I didn't make myself clear either.. I know exactly what you asked, and gave the answer..

            You have this right..

            connection.jpg

            If that destination device is running a firewall, that 192.168.10.x in my drawing, it would have to be set to allow the 192.168.60 network, which is what this remote client is going to look like to that destination box.

            If that destination box does not point back to pfsense 192.168.10.1 address as its gateway or have a route on it that says hey to talk to 192.168.60/24 talk to 192.168.10.1 then it's never going to work.

            If using pfsense as its gateway make sure its firewall allows 192.168.60/24

            Or quite often you can do an outbound nat on pfsense lan network (this 192.168.10.1) so that when traffic comes from this 192.168.60.x IP to go to the destination box.. It will look like it came from 192.168.10.1 - which the destination firewall might allow, and also would answer back directly without sending to its gateway, if that happens to be different than pfsense.

            outboundnat.jpg

            While the outbound nat can overcome the client not using pfsense as a gateway.. It's possible its firewall still won't allow what you're trying to talk to even if the IP is on its local network, ie the 192.168.10.1 address


            1 Reply Last reply Reply Quote 0
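
The two causes named in the replies above (a host firewall that rejects the tunnel source, and a return path that does not lead back to pfSense) and the outbound NAT workaround can be modelled in a few lines. This is an added example, not part of the thread or of pfSense; the host names, route tables, the other gateway 192.168.10.254 and the client address 192.168.60.2 are constructed.

```python
import ipaddress as ip

PFSENSE_LAN = ip.ip_address("192.168.10.1")  # pfSense LAN address (from the thread)
CLIENT = "192.168.60.2"                      # constructed address in the tunnel network

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; None means dst is on-link."""
    hits = [(ip.ip_network(n), gw) for n, gw in routes if dst in ip.ip_network(n)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return ip.ip_address(gw) if gw else None

def check_reply(host, client=CLIENT, outbound_nat=False):
    """Return (status, detail) for a VPN client talking to one LAN host."""
    # With outbound NAT on the pfSense LAN interface the host sees 192.168.10.1.
    src = PFSENSE_LAN if outbound_nat else ip.ip_address(client)
    if not any(src in ip.ip_network(n) for n in host["allow_from"]):
        return "blocked", f"host firewall does not allow source {src}"
    hop = next_hop(host["routes"], src)
    if hop == PFSENSE_LAN or (hop is None and src == PFSENSE_LAN):
        return "ok", "reply goes back through pfSense"
    return "lost", f"reply is sent to {hop or 'the local segment'}, not to pfSense"

LAN = ("192.168.10.0/24", None)  # on-link route every LAN host has
HOSTS = {  # constructed hosts, one per case in the replies
    "firewall_lan_only": {"routes": [LAN, ("0.0.0.0/0", "192.168.10.1")],
                          "allow_from": ["192.168.10.0/24"]},
    "other_gateway": {"routes": [LAN, ("0.0.0.0/0", "192.168.10.254")],
                      "allow_from": ["0.0.0.0/0"]},
    "static_route": {"routes": [LAN, ("0.0.0.0/0", "192.168.10.254"),
                                ("192.168.60.0/24", "192.168.10.1")],
                     "allow_from": ["192.168.10.0/24", "192.168.60.0/24"]},
    "firewall_strict": {"routes": [LAN, ("0.0.0.0/0", "192.168.10.1")],
                        "allow_from": ["192.168.10.50/32"]},
}

if __name__ == "__main__":
    for name, host in HOSTS.items():
        for nat in (False, True):
            print(name, "nat" if nat else "no-nat", *check_reply(host, outbound_nat=nat))
```

The `firewall_strict` host stays blocked even with outbound NAT, which is the caveat in the last paragraph of the reply.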
            • C Offline
              ccgc
              last edited by

              Thank you very much for your guidance. I now have OpenVPN to the LAN working fine.

              Now I'm trying to figure out the next problem. I have used Port 4 on the Netgate 2100 to assign a VLAN with a completely different IP of 10.1.10.1/24. The VPN server does include 10.1.10.1/24. I added a rule to that interface (for now) as any to any, but the OpenVPN cannot get to a web server at 10.1.10.200.

              Assistance will be GREATLY appreciated.

              Leon

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.