Netgate Discussion Forum

    Can't reach the office

    OpenVPN
    4 Posts 2 Posters 1.1k Views
    • jpenninkhof

      Hi,

      I'm using pfSense as my home gateway/router. Using OpenVPN, I have set up a link to my office, which seems to be working partially.

      In the OpenVPN connection log I can see that: "Initialization Sequence Completed". When I look at "Diagnostics | Routes", I can see all my office networks. And when I ping an office IP from "Diagnostics | Ping", everything looks good too.

      But now I want to access the office network from my home network and expected pfSense to route all traffic meant for the office network through the OpenVPN tunnel. However, when I ping that office IP from a LAN PC I get a "Request timed out" error instead. What do I need to do to make this work?

      Thanks!
      Jan

      • heper

        do you have firewall rules in place to allow your lan to go to "remote office" ?

        • jpenninkhof

          Thanks for your reply Heper, and I guess you're exactly hitting my weak spot with that question. Routing and firewalls are still quite an obscure field for me, which I feel I have not enough knowledge about. However, the best way to gain that knowledge is by just doing it, right? :)

          Under firewall I haven't made many alterations from the defaults:

          • I have made a few inbound NAT rules so that I can reach my server from the public internet.

          • Outbound rules have also been changed a bit. According to what I found on the internet, you need to change the outbound rules settings to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)" if you use the OpenVPN client. So that's what I did. I didn't add new rules, so the only ones there are the auto created rules for "ISAKMP - LAN to WAN", "LAN to WAN", "localhost to WAN".

          • Firewall rules haven't been touched at all, but I can see my inbound NAT ports there under WAN and under LAN it shows the anti-lockout rules and the "Default allow LAN to any rule" for both ipv4 and v6.

          • According to what I found on the internet I had to add a rule under OpenVPN. I have added this rule, which would allow any traffic to go through the OpenVPN interface. I.e.: everything is set to its default/any, except the interface, which is set to OpenVPN.

          Btw, I may be wrong here, but I would also have expected that if traffic was blocked, it would show up under "Status: System logs: Firewall", but I see no activity there when I try to ping through the OpenVPN port.

          Thanks for helping guys, really appreciate it!

          • jpenninkhof

            Found it!!!

            Obviously, the office doesn't route my home LAN addresses. So I have to use outbound NAT with the IP address assigned to me.
            Once I had created a NAT outbound rule for interface OpenVPN, that NATs all my LAN traffic over the "Interface address", things started working like a charm. Nice, happy camper! :)

            Cheers,
            Jan

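Added example, not part of the original thread: a small Python model of the fix described in the last post, showing why a ping from pfSense itself was answered while a ping from a LAN PC timed out, and why nothing appeared in the firewall log (the request is passed; only the reply is lost on the office side). All addresses and the office route list are constructed for illustration, and it assumes pfSense sources its own pings from the tunnel address.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
TUNNEL_ADDR = ipaddress.ip_address("10.8.0.6")   # address the office assigns to the client
OFFICE_ROUTES = [                                 # networks the office knows how to reach
    ipaddress.ip_network("10.8.0.0/24"),          # the VPN tunnel network
    ipaddress.ip_network("10.20.0.0/16"),         # office LANs
]

def translate_source(src, nat_rules):
    """Apply the first matching outbound NAT rule on the OpenVPN interface."""
    for match_net, new_src in nat_rules:
        if src in match_net:
            return new_src
    return src

def reply_returns(src, nat_rules):
    """True if the office can route its reply back to the source address it sees."""
    seen = translate_source(ipaddress.ip_address(src), nat_rules)
    return any(seen in net for net in OFFICE_ROUTES)

NO_NAT = []
# The fix from the thread: NAT LAN traffic to the OpenVPN "Interface address".
NAT_TO_INTERFACE_ADDRESS = [(HOME_LAN, TUNNEL_ADDR)]

def diagnose():
    return {
        # Diagnostics | Ping: source is already the tunnel address.
        "pfSense ping, no NAT": reply_returns(str(TUNNEL_ADDR), NO_NAT),
        # LAN PC: the office has no route back to the home LAN.
        "LAN PC ping, no NAT": reply_returns("192.168.1.50", NO_NAT),
        # LAN PC after adding the outbound NAT rule on the OpenVPN interface.
        "LAN PC ping, NAT on OpenVPN": reply_returns("192.168.1.50", NAT_TO_INTERFACE_ADDRESS),
    }

if __name__ == "__main__":
    for case, ok in diagnose().items():
        print(f"{case}: {'reply received' if ok else 'request timed out'}")
```

With this rule in place the office sees every home LAN host as the single tunnel address, so office-side logs and access rules can no longer tell individual home machines apart.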
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.