Can't connect to local network
-
Hi all!
I want to connect from my home or my iPhone to my office WAN subnet with OpenVPN.
Now I can connect to the OpenVPN server but I cannot access the WAN subnet.
I attach my net diagram and some pfSense screenshots… Where is the mistake? https://dl.dropboxusercontent.com/u/28376825/psense.zip
Thank You all
Davide
[Schermata 2013-09-25 alle 12.09.47.png](/public/imported_attachments/1/Schermata 2013-09-25 alle 12.09.47.png)
-
I can't see some of the things you put on for the Mac - However…
I see some big problems.
In Firewall > Rules:
Remove the rule for 192.168.2.0/24 on the WAN - That's bad and unneeded.
Remove the rule that looks like all * * * * * * * at the bottom on the WAN.
That is a pass any from any to all rule and shouldn't be on the WAN.
That's TERRIBLE and unneeded. That rule turns your firewall into a Welcome-all-wall.
Remove the last rule on your Firewall > Rules OpenVPN tab. The first rule is all that is needed.
In your Mac client config, near the bottom of the commands, add route 192.168.1.0 255.255.255.0
Lastly - NONE of this is going to work well if the subnet you are on when you are away from home is also 192.168.1.0/24 or 192.168.2.0/24. That's why when you set up a pfSense with the intent of using it for VPN you should pick a seldom-used IP for the LAN like 10.50.36.1/24
Hope that helps.
-
Yes, I added that bad rule because I was desperate and thought there was something bad…
Yes, home net and office subnet are the same -.-'' I'll change the office network :)
I don't understand what I have to do: "in your mac client config, near the bottom of the commands add route 192.168.1.0 255.255.255.0"?
You mean into System/Routing/Routes?
Thank you very much :D
-
In the client configuration that is located on your Mac (it's just a file that probably ends with .ovpn) there is a bunch of commands.
Try adding:
route 192.168.1.0 255.255.255.0
in case for some reason it's not getting pushed from pfSense.
But you really really need to change your LAN IP ASAP to something off… like 192.168.39.1/24 and your OpenVPN IPs also to something off like 10.x.x.0/24 (the Xs would be a random number between 10 and 200)
Right now it's way too probable that you will have IP conflicts because 192.168.1.x is way too common.
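
The subnet conflict discussed in this thread can be checked before connecting. The following is an added example, not part of the original posts: it reads the `route` lines of a client .ovpn file and reports any that overlap the subnet the client is currently on. The config text, the hostname and the function names are constructed for illustration.

```python
import ipaddress

# Constructed client config; only the `route` line comes from the thread.
CLIENT_OVPN = """\
client
dev tun
remote vpn.example.com 1194   # constructed hostname
; route 10.0.0.0 255.0.0.0    (commented out, must be ignored)
route 192.168.1.0 255.255.255.0
"""


def parse_routes(ovpn_text):
    """Return the networks named by `route <network> [netmask]` directives."""
    routes = []
    for raw in ovpn_text.splitlines():
        # OpenVPN treats both '#' and ';' as comment markers.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "route":
            continue
        # An omitted (or "default") netmask means a single host route.
        mask = fields[2] if len(fields) > 2 and fields[2] != "default" else "255.255.255.255"
        try:
            routes.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of an address: skip
    return routes


def find_conflicts(local_subnets, vpn_routes):
    """Return (local, route) pairs whose address ranges overlap."""
    locals_ = [ipaddress.ip_network(s, strict=False) for s in local_subnets]
    return [(l, r) for l in locals_ for r in vpn_routes if l.overlaps(r)]


if __name__ == "__main__":
    # Home LAN and office LAN both on 192.168.1.0/24, as in the thread.
    for local, route in find_conflicts(["192.168.1.0/24"], parse_routes(CLIENT_OVPN)):
        print(f"conflict: local {local} overlaps VPN route {route}")
    # Office renumbered to 192.168.39.0/24, as suggested in the last reply.
    renumbered = CLIENT_OVPN.replace("192.168.1.0", "192.168.39.0")
    print(find_conflicts(["192.168.1.0/24"], parse_routes(renumbered)) or "no conflict")
```

When a pair is reported, traffic for the overlapping range stays on the local network instead of entering the tunnel, which is why the replies recommend renumbering the office LAN.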