Can't access LAN!!

viragomann

If this routing table is from client, you are in the same subnet as the server: 192.168.5.0/24
That cant work.

lonmarlon

thanks viragomann for the reply..

you mean it is possible to access 192.168.5.0/24 clients ex. 192.168.5.3 which has no gateway (192.158.5.1) configured
from vpn tunnel ip?

while trying i connect to wifi and disabled my lan adapter
my wireless subnet is 192.168.1.0/24

viragomann

The hosts at servers LAN must use the pfSense as default gateway, otherwise you have to add a route to it for VPN or do source NAT at pfSense for VPN connections.

lonmarlon

"add a route to it for VPN or do source NAT at pfSense for VPN connections."

can you advise regarding my existing configuration how to do that?

thanks viragomann

viragomann

You have to add the static route to the host which hasn't configured the pfSense as default gateway. How to do this, depends on the OS.

Assumed it's Windows, open the cmd and enter
route add -p 192.168.6.0 mask 255.255.255.0 192.158.5.1 metric 2

lonmarlon

Thanks viragomann

now i understand

how about this approach. can you advise?

"source NAT at pfSense for VPN connections."

viragomann

Since it concerns only one host, I would prefer the routing solution.
If you do NAT, access via VPN to the host seems to come from pfSense cause packets gets its source IP. If that doesn't matter for you, you may add a NAT rule therefore instead.

Go to Firewall > NAT > Outbound, if it is set to automatic rule generation select hyprid and save it. Then add a new rule
Interface: LAN (this one 192.168.5.3 is connected to)
Source: 192.168.6.0/24 (tunnel subnet)
Destination: 192.168.5.3 or an alias containing all hosts which haven't set pfSense as default GW
Translation address: Interface Address

lonmarlon

Dear viragomann,

i really appreciate your reply done exactly as per advise..but still the same..

i uses wifi which subnet is 192.168.3.0/24 disable the lan of my laptop

*disregard the destination which is 192.168.5.0/24 it's not possible to put only 1 ip address either any or network is the option.

also added route add -net 192.168.6.0 netmask 255.255.255.0 gw 192.168.5.1 dev eth0:1 in my 192.168.5.3
but still not working tried this one

viragomann

The screenshot shows, your virtual address is 10.10.10.6! Not one of the tunnel subnet 192.168.0.6/24 you mentioned above.

So if you use another tunnel subnet now you have to change your route or NAT to fit to it as well.

lonmarlon

thanks viragomann it's all working now!!