Netgate Discussion Forum

    [SOLVED] No access to network from VPN with only one WAN

      tirramissu

      Hello!
      I need some help with configuring pfSense.

      I've got pfSense 2.3.2 running with a WAN-only interface inside a private LAN.
      There's another firewall which does NAT and forwards UDP 1194 to the pfSense, and this allows me to connect to the pfSense box using VPN.
      There's unlimited access to the private LAN and internet for pfSense.
      The problem is that I can't access any host on the private LAN (using IP), or even pfSense, while I'm connected via OpenVPN. I have set up a rule to allow all traffic from/to OpenVPN.

      Could you tell me what I should do to make the network where pfSense lives accessible from the VPN?

        viragomann

        Go to Firewall > NAT > Outbound, select "Disable Outbound" and hit Save.
        Try again.

          tirramissu

          Thank you for the reply!
          Didn't work, I also disabled packet filtering (System > Advanced > Firewall & NAT).
          Now I see packets from the OpenVPN subnet (172.20.0.0/24) on a local network host (192.168.0.0/20), but the IP is not tracerouted to the pfSense host. After adding a route for 172.20.0.0/24 via the pfSense IP I could ping both sides, but still no HTTP.

          I think I'm doing it totally wrong…
          Could you tell me how I should do this, please? :)

            tirramissu

            Allowing all traffic on WAN & OpenVPN interfaces allowed me to enter pfSense WEB UI and Darkstat module.
            No luck with 192.168.* ^(

              viragomann

              Yeah! Your pfSense isn't the default gateway, so response packets to requests from VPN clients are directed to the default gateway. A route for this on your router won't be a satisfactory solution. The route has to be added to the destination host(s).

              Another solution is to do outbound NAT and translate outgoing traffic to the interface IP, which is the default for WAN, but has to be set manually for VPN if necessary.
              However, this method has the drawback that you are not able to distinguish the VPN clients on the destination server.

              Also ensure that you have unchecked "Block private networks" in the WAN interface settings.

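The reply-path behaviour described in the post above, modelled as an added example that is not part of the original thread. The two subnets come from the thread; the default gateway, pfSense and VPN client addresses are constructed placeholders.

```python
import ipaddress as ip

# The two subnets are from the thread; every single address is constructed.
VPN_NET = ip.ip_network("172.20.0.0/24")     # OpenVPN tunnel subnet
LAN_NET = ip.ip_network("192.168.0.0/20")    # private LAN
DEFAULT_GW = ip.ip_address("192.168.0.1")    # assumed: the other firewall
PFSENSE = ip.ip_address("192.168.0.50")      # assumed: pfSense WAN address
VPN_CLIENT = ip.ip_address("172.20.0.6")     # assumed: a connected client


def next_hop(routes, dst):
    """Longest-prefix match; a hop of None means dst is on-link."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop


def reply_path(host_routes, outbound_nat):
    """Return (source address the LAN host sees, next hop of its reply)."""
    # With outbound NAT, pfSense rewrites the source to its interface IP.
    seen_src = PFSENSE if outbound_nat else VPN_CLIENT
    return seen_src, next_hop(host_routes, seen_src)


def diagnose(host_routes, outbound_nat):
    seen_src, hop = reply_path(host_routes, outbound_nat)
    if hop != PFSENSE:
        return "asymmetric: reply leaves via %s, not pfSense" % hop
    if outbound_nat:
        return "symmetric, but host sees every client as %s" % seen_src
    return "symmetric, host sees real client %s" % seen_src


# Routing table of a LAN host: default route plus the on-link LAN.
BASE = [(ip.ip_network("0.0.0.0/0"), DEFAULT_GW), (LAN_NET, None)]
# Same host after adding a static route for the VPN subnet via pfSense.
WITH_ROUTE = BASE + [(VPN_NET, PFSENSE)]

if __name__ == "__main__":
    print("no route, no NAT:", diagnose(BASE, False))
    print("route on host   :", diagnose(WITH_ROUTE, False))
    print("outbound NAT    :", diagnose(BASE, True))
```

The third case shows the trade-off named in the post: replies return through pfSense, but the destination server's logs and access rules only ever see the pfSense address.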
                tirramissu

                Thank you!

                Maybe this will help:

                NAT
                Hybrid Outbound NAT rule generation.

                Firewall
                Be sure to enable TCP/UDP (ICMP or whatever you need) traffic on OpenVPN interface.
                Allow same outgoing traffic from VPN subnet.

                So much fun!
