Netgate Discussion Forum

    OpenVPN Server No LAN Access

      dsp3

      Do you have a firewall rule on your openvpn server tab that allows traffic from your openvpn server network to your LAN?

        guyp2k

        Below is what I have and does not address the issue…

        FW.JPG

          viragomann

          Consider that that firewall rule doesn't allow pings. Ping uses ICMP protocol, while you've allowed only TCP and UDP.

          Is the route to the remote LAN set on the client? Check the client's routing table.

            guyp2k

            Below is the routing table from the client:

            ===========================================================================
            Interface List
            15...a4 34 d9 3f 7c f4 ......Microsoft Wi-Fi Direct Virtual Adapter
            16...00 ff ec 41 31 f6 ......TAP-Windows Adapter V9
              4...a4 34 d9 3f 7c f3 ......Intel(R) Dual Band Wireless-AC 8260
              2...a4 34 d9 3f 7c f7 ......Bluetooth Device (Personal Area Network)
              1...........................Software Loopback Interface 1
              9...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

            IPv4 Route Table

            Active Routes:
            Network Destination        Netmask          Gateway      Interface  Metric
                      0.0.0.0          0.0.0.0    192.168.43.1  192.168.43.114    50
                    127.0.0.0        255.0.0.0        On-link        127.0.0.1    331
                    127.0.0.1  255.255.255.255        On-link        127.0.0.1    331
              127.255.255.255  255.255.255.255        On-link        127.0.0.1    331
                  192.168.1.0    255.255.255.0      192.168.1.1    192.168.200.2    36
                  192.168.1.0    255.255.255.0    192.168.200.1    192.168.200.2    35
                192.168.43.0    255.255.255.0        On-link    192.168.43.114    306
              192.168.43.114  255.255.255.255        On-link    192.168.43.114    306
              192.168.43.255  255.255.255.255        On-link    192.168.43.114    306
                192.168.200.0    255.255.255.0        On-link    192.168.200.2    291
                192.168.200.2  255.255.255.255        On-link    192.168.200.2    291
              192.168.200.255  255.255.255.255        On-link    192.168.200.2    291
                    224.0.0.0        240.0.0.0        On-link        127.0.0.1    331
                    224.0.0.0        240.0.0.0        On-link    192.168.43.114    306
                    224.0.0.0        240.0.0.0        On-link    192.168.200.2    291
              255.255.255.255  255.255.255.255        On-link        127.0.0.1    331
              255.255.255.255  255.255.255.255        On-link    192.168.43.114    306
              255.255.255.255  255.255.255.255        On-link    192.168.200.2    291

            Persistent Routes:
              None

            IPv6 Route Table

            Active Routes:
            If Metric Network Destination      Gateway
              1    331 ::1/128                  On-link
              4    306 fe80::/64                On-link
            16    291 fe80::/64                On-link
            16    291 fe80::d38:4e49:ea36:ab4e/128
                                                On-link
              4    306 fe80::4164:372a:c03a:2c76/128
                                                On-link
              1    331 ff00::/8                On-link
              4    306 ff00::/8                On-link
            16    291 ff00::/8                On-link

            Persistent Routes:
              None

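One way to read the routing table above, as an added example that is not part of the original thread: this Python sketch parses IPv4 rows copied from the `route print` output (a constructed subset, embedded inline) and picks the route the client would use for the NAS at 192.168.1.22, using longest-prefix match with the lowest metric as tie-breaker. The function names are hypothetical.

```python
import ipaddress

# Constructed sample: a subset of the IPv4 "Active Routes" rows posted above.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway      Interface  Metric
          0.0.0.0          0.0.0.0    192.168.43.1  192.168.43.114    50
        127.0.0.0        255.0.0.0        On-link        127.0.0.1    331
      192.168.1.0    255.255.255.0      192.168.1.1    192.168.200.2    36
      192.168.1.0    255.255.255.0    192.168.200.1    192.168.200.2    35
     192.168.43.0    255.255.255.0        On-link    192.168.43.114    306
    192.168.200.0    255.255.255.0        On-link    192.168.200.2    291
"""

def parse_routes(text):
    """Return route dicts from the IPv4 rows of Windows `route print` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header line (six tokens) or unrelated text
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue  # malformed row
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": metric})
    return routes

def select_route(routes, target):
    """Pick the longest matching prefix; ties go to the lowest metric."""
    addr = ipaddress.IPv4Address(target)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def uses_tunnel(routes, target, tunnel_ip):
    """True if traffic to target leaves via the interface holding tunnel_ip."""
    best = select_route(routes, target)
    return best is not None and best["iface"] == tunnel_ip

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for host in ("192.168.1.22", "8.8.8.8"):
        print(host, select_route(routes, host),
              uses_tunnel(routes, host, "192.168.200.2"))
```
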
              viragomann

              Since you can access hosts in the internet via PIA from LAN devices, I assume the pfSense running the VPN server and client is the default gateway in the LAN/192.168.1.0/24. So the routing at this site should be working.

              How do you try to access the LAN device?
              Maybe the LAN device itself blocks the access. Do you have a webserver there or something like that, which is accessible from outside for testing? If not, try to deactivate the system firewall on the destination host.

                guyp2k

                How do you try to access the LAN device?
                    I use my laptop and connect to the internet via Verizon, then authenticate with the OpenVPN client to the OpenVPN server/pfSense. I then try and access internal hosts, such as my NAS (192.168.1.22), Plex, and RDP without success. I can however drop to a console and ping the OpenVPN Server and connect to the web interface of pfSense.

                All firewalls are disabled on the internal LAN hosts, like I said I have been working on this for days :(

                  viragomann

                  For troubleshooting use packet capture from the pfSense Diagnostic menu.

                  Select the LAN interface and try to access a LAN device from the VPN client. To get a better result, also set a protocol and port (e.g. RDP). So you can see if packets go out the LAN interface and if you get responses from the destination device.

                    guyp2k

                    Should OpenVPN Server assign a GW? When I look at the interfaces on the client, the correct IP is assigned, usually 192.168.200.2, but no GW.

                      viragomann

                      No, as long as you don't want to route any traffic over it (also access to internet addresses), there is no gateway needed.

                      For accessing the remote LAN the route is set on the client, that's all which is needed for that.

                        guyp2k

                        Narrowed down the issue to PFBlockerNG, disable that service and I can access the internal LAN via OpenVPN Server…Will need to read up on PFBlockerNG.
