[SOLVED] OpenVPN connects but no local LAN access
-
Network layout, OpenVPN screenshots, and firewall rules.
Hope this helps, thank you.
-
On Advanced, add route 172.16.0.0 and your mask etc. 255.255.0.0
-
I've done that but it doesn't help. I will try it again. Also, I thought that me specifying it in the network portion would do that.
-
I added push "route 172.16.0.0 255.255.0.0"; per the example, and still no go. It connects great though… I'm digging the LDAP backend authentication.
Below you'll see the network is there, but strangely it says 172.16 and not 172.16.0.0, not sure if that matters. The Viscosity VPN client for Mac showing successful connection. Like I said, I authenticate fine, connect fine, and can get as far as the pfSense LAN interface, but beyond that, no.
-
Is the pfSense firewall to which you connect the default gateway for the lan you're trying to reach?
-
Dang. That's the problem. Since I've set this up as a demo to test out pfSense, I have not yet configured it as a gateway. I set up the pfSense as my gw on a local machine and it works, it responds.
Thanks for helping me solve this. I think next would be to set up a route to the 10.0.8.0/24 network on the router. That should resolve the ping back issue.
-
Yep, either put the route in the actual gateway, or you can do some outbound NAT on the LAN to make the VPN client traffic appear to originate from the firewall so it would look "local" and thus not require any special routing. Only downside is that you lose the original client IP in the process, as seen by the target machine. (And it would probably break SMB access.)
-
Is there a way to configure pfSense to act as just a VPN appliance, where I don't have to add routing to another device or change the gateway on the local machines?
-
Only by adding the NAT I mentioned. Otherwise you need routes somewhere.
(Or an ugly tap bridge VPN that drops clients into the LAN subnet with LAN IPs…)
-
Thanks again, you are my hero!
-
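The return-path problem worked out in this thread, as an added example that is not from any poster: a small Python model of where a LAN host's reply goes in each setup discussed (no route, route on the real gateway, pfSense as the host's gateway, outbound NAT). Only 172.16.0.0/16 and 10.0.8.0/24 come from the thread; the host, gateway, pfSense and client addresses are constructed.

```python
import ipaddress

# Constructed addresses; only the LAN and tunnel networks appear in the thread.
LAN = "172.16.0.0/16"
TUNNEL = "10.0.8.0/24"
PFSENSE = "172.16.0.2"   # assumed pfSense LAN address
GATEWAY = "172.16.0.1"   # assumed existing default gateway of the LAN
CLIENT = "10.0.8.6"      # assumed VPN client tunnel address


def next_hop(routes, dst):
    """Longest-prefix match over a {cidr: next_hop} routing table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), hop) for c, hop in routes.items()
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def trace_reply(host_routes, gateway_routes, outbound_nat=False):
    """Return (source address the LAN host sees, True if its reply reaches pfSense)."""
    seen = PFSENSE if outbound_nat else CLIENT   # NAT hides the client address
    hop = next_hop(host_routes, seen)
    if hop == "on-link":                         # same subnet: delivered directly
        hop = seen
    if hop == GATEWAY:                           # gateway forwards per its own table
        hop = next_hop(gateway_routes, seen)
    return seen, hop == PFSENSE


# Routing tables for the setups discussed in the thread.
HOST_DEMO = {LAN: "on-link", "0.0.0.0/0": GATEWAY}          # host still uses old gateway
HOST_VIA_PFSENSE = {LAN: "on-link", "0.0.0.0/0": PFSENSE}   # host's gateway is pfSense
GW_PLAIN = {LAN: "on-link", "0.0.0.0/0": "wan"}             # gateway without tunnel route
GW_ROUTED = {**GW_PLAIN, TUNNEL: PFSENSE}                   # static route to 10.0.8.0/24

if __name__ == "__main__":
    cases = [
        ("no route anywhere", HOST_DEMO, GW_PLAIN, False),
        ("static route on gateway", HOST_DEMO, GW_ROUTED, False),
        ("pfSense is host gateway", HOST_VIA_PFSENSE, GW_PLAIN, False),
        ("outbound NAT on pfSense LAN", HOST_DEMO, GW_PLAIN, True),
    ]
    for name, host, gw, nat in cases:
        seen, ok = trace_reply(host, gw, nat)
        print(f"{name:30} host sees {seen:12} reply returns: {ok}")
```

In the NAT case the reply returns without any extra routes, but the address the target logs is the firewall's, which matters for access control and audit trails on the LAN hosts.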