Netgate Discussion Forum

    OpenVPN client cannot route to LAN

      ciambellone

      Hi all,
      I've configured my VPN with pfSense 2.0.2, but after the connection has been established, the VPN client cannot connect to the server on the LAN network.
      When I execute a traceroute, it stops at the gateway address (subsequent hops time out).
      I've used the wizard for the configuration. The configurations are below.
      Any suggestion?
      Regards.

      LAN 10.0.0.0/24
      DMZ 172.26.101.0/24
      WAN 1.1.1.1

      Server has 3 network adapters, one for every vlan
      STATIC ROUTE
      Name             Interface  Gateway       Monitor IP    Description
      WANGW (default)  WAN        1.1.1.1       1.1.1.1       WAN Gateway
      GWLAN            LAN        10.0.0.2      10.0.0.2      GW LAN
      GWDMZ            DMZ        172.26.101.2  172.26.101.2  GW DMZ

      
      SERVER CONFIG
      dev ovpns1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 1.1.1.1
      tls-server
      server 192.168.2.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify /var/etc/openvpn/server1.php via-env
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 5
      push "route 10.0.0.0 255.255.255.0"
      ca /var/etc/openvpn/server1.ca 
      cert /var/etc/openvpn/server1.cert 
      key /var/etc/openvpn/server1.key 
      dh /etc/dh-parameters.1024
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo
      persist-remote-ip
      float
      push "route 172.26.101.0 255.255.255.0"
      
      CLIENT CONFIG
      dev tun
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      tls-client
      client
      resolv-retry infinite
      remote 1.1.1.1 1194
      tls-remote pfsense02
      auth-user-pass
      pkcs12 pfsense02-udp-1194-mdandrea02.p12
      tls-auth pfsense02-udp-1194-mdandrea02-tls.key 1
      comp-lzo
      
      
        marvosa

        What's the IP of your server?

        Post the firewall rules off the openvpn tab.

          ciambellone

          @marvosa:

          What's the IP of your server?

          Post the firewall rules off the openvpn tab.

          Many thanks for your reply.
          10.0.0.2 LAN
          172.26.101.2 DMZ
          1.1.1.1 WAN (not real IP)
          The rules are attached.
          Best regards.
          Matteo

          DMZ.PNG
          LAN.PNG
          OPENVPN.PNG
          WAN.PNG

            ciambellone

            Hi All,
            I've resolved the problem. I've found an error in the configuration.
            Thanks a lot.

              marvosa

              Care to share with us what the error was?

                viettruong

                @ciambellone:

                Hi All,
                I've resolved the problem. I've found an error in the configuration.
                Thanks a lot.

                Hi sir!

                I failed you, but I do not know how to handle. You can share how to handle errors that are not. Thank you.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.