Netgate Discussion Forum

    Can not access remote network via tunnel.

      m3tatr0n

      Hi All,

      I installed the most recent version (2.8.1). First thing I want to do is get OpenVPN going. Using the Wizard, I created a 'Local User Access' server. It was pretty straightforward, got my CA cert and Server cert created. Checked the Firewall rule for OpenVPN created by the Wizard.
      I then created a user. I went to the OpenVPN Client Export and downloaded the Archive,
      then scp'd it to a remote Linux server for testing.

      I can connect no problem to the OpenVPN server but:

      I can't access any machine on the network (the one behind the pfSense FW).
      As a test I redirected the IPv4 gateway. Now the default GW of the remote Linux box is the
      OpenVPN tunnel... I can access the web. I got the public address of the OpenVPN server when I ran the command 'curl ifconfig.me'. It is somewhat working, except I cannot access the local network behind the pfSense FW. What am I missing?

      Thanks in Advance.
      Roberto

        the other @m3tatr0n

        @m3tatr0n
        It might help if you could post your openvpn interface rules. :)

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)

          m3tatr0n @m3tatr0n

          Thank you for your prompt reply.
          Here are the rules I have so far... not much really since I wanted to get openvpn going first.

          Thanks,
          Roberto

          vpfs01.png vpfs03.png vpfs02.png

            the other @m3tatr0n

            @m3tatr0n
            How do you try to access your local devices? IP? Hostname/domainname?

            • can you ping your devices via IP?
            • can you reach them via IP?

            the other

            pure amateur home user, no business or professional background
            please excuse poor english skills and typpoz :)

              m3tatr0n @the other

              @the-other I just try to access them via IP. Pinging a few IP addresses that I know are live devices got no replies.

                m3tatr0n @m3tatr0n

                I changed one of the devices' default GW to the LAN address of the pfSense and I can ping and ssh to it. So that works. But our setup here is that we have two outgoing internet pipes. One is for the business (web services) and one is for PC clients so they can use it for browsing, downloading etc. But both gateways are on the same network: 192.168.2.254 for the pfSense and 192.168.2.1 for the modem our local IP provider gave us. The OpenVPN is for our remote workers to access their workstations from home, and their default GW is the modem.

                  m3tatr0n @m3tatr0n

                  I guess the question now is how to access devices remotely if those devices are not using the pfSense firewall as their gateway.

                    m3tatr0n @m3tatr0n

                    OK... I figured it out... I need a rule set on Firewall->NAT->Outbound.
                    Set Mode to Manual and save.
                    Add a rule set below

                    nat.png

                    1 Reply Last reply Reply Quote 0
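
The return-path problem worked out in this thread, modelled as an added example that is not part of the original posts: it computes where a LAN workstation sends its reply to a VPN client depending on its default gateway and on whether pfSense applies outbound NAT. The /24 prefix, the tunnel network `10.0.8.0/24`, the client address, and the behaviour of the NAT rule (translating tunnel traffic to the pfSense LAN address; the actual rule is only in the nat.png screenshot) are assumptions, and the static-route case goes beyond what the thread tried.

```python
import ipaddress

# 192.168.2.254 and 192.168.2.1 come from the thread; everything else is assumed.
LAN = ipaddress.ip_network("192.168.2.0/24")          # assumed prefix length
PFSENSE_LAN = ipaddress.ip_address("192.168.2.254")   # pfSense LAN address
MODEM = ipaddress.ip_address("192.168.2.1")           # ISP modem (workstation default GW)
TUNNEL = ipaddress.ip_network("10.0.8.0/24")          # hypothetical OpenVPN tunnel network
CLIENT = "10.0.8.2"                                   # hypothetical VPN client address


def source_seen_by_host(client_ip, outbound_nat):
    """Source address a LAN host sees on traffic arriving from the tunnel."""
    # Assumption: the outbound NAT rule rewrites tunnel sources to pfSense's LAN IP.
    return PFSENSE_LAN if outbound_nat else ipaddress.ip_address(client_ip)


def reply_next_hop(dst, default_gw, static_routes=()):
    """Next hop a LAN host picks for its reply to `dst`."""
    if dst in LAN:
        return dst  # on-link: delivered directly, no gateway involved
    matches = [(net, gw) for net, gw in static_routes if dst in net]
    if matches:  # longest-prefix match wins over the default route
        return max(matches, key=lambda m: m[0].prefixlen)[1]
    return default_gw


def reply_reaches_tunnel(client_ip, default_gw, outbound_nat=False, static_routes=()):
    """True if the host's reply is handed back to pfSense, which owns the tunnel."""
    seen = source_seen_by_host(client_ip, outbound_nat)
    return reply_next_hop(seen, default_gw, static_routes) == PFSENSE_LAN


if __name__ == "__main__":
    scenarios = [
        ("default GW = modem, no NAT", dict(default_gw=MODEM)),
        ("default GW = pfSense, no NAT", dict(default_gw=PFSENSE_LAN)),
        ("default GW = modem, outbound NAT", dict(default_gw=MODEM, outbound_nat=True)),
        ("default GW = modem, static route", dict(
            default_gw=MODEM, static_routes=[(TUNNEL, PFSENSE_LAN)])),
    ]
    for label, kwargs in scenarios:
        ok = reply_reaches_tunnel(CLIENT, **kwargs)
        print(f"{label:34} -> reply {'returns via pfSense' if ok else 'is sent to the modem and lost'}")
```

With outbound NAT, every workstation sees VPN sessions as coming from 192.168.2.254, so host-side logs and per-client access controls can no longer distinguish individual remote users; the OpenVPN and firewall logs on pfSense become the only record of who connected to what.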
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.