I think it is not difficult issue but i have really no idea ..

goethepieng

Dear All,

it is really stupid question i think which i ask but no idea since one week.

openvpn setting
my IPv4 Tunnel Network 192.168.2.0/24
my IPv4 Local network(s) is 10.71.2.0/24 -> also my local office LAN

my pfsense server lan IP is 10.71.2.254

all setup ok and clients can connect w/o issue but issue is when in the LAN network server w/o setup a default gateway to our pfsense server
the openvpn client cannot access this server at all.
when server has setup the default gateway to our pfsense server then is ok.

ex.
clients can connect 10.71.2.1 -> server default GW is 10.71.2.254 then is work
clients can connect 10.71.2.7 -> server default GW is blank, cause it has two LAN card and default GW is WAN IP GW

i google it but really no successful answer which i can use so i ask all profi users in forum now.
i hope someone can help me it will be really great.

Best Regards,
Arno

JKnott

my IPv4 Local network(s) is 10.71.2.0/24 -> also my local office LAN

That's your problem, they have to be different.

johnpoz

Help you with what exactly?

Your trying to access a server thats gateway is not back to pfsense where the vpn tunnel is.. So you want to fix that?

You have 2 options, well 3 really.
1st would be to use pfsense as your gateway.
2nd would be to source nat your vpn connections so that clients see the traffic from vpn clients as IP address of pfsense on that network of the server..
3rd create host route on the server telling it that to get to your tunnel network talk to pfsense.

This is actually a bit confusing.
"my IPv4 Local network(s) is 10.71.2.0/24 -> also my local office LAN"

Are you saying your remote vpn client is on same network address space as the LAN your trying to go down the vpn to get to? Yeah that is broken setup.

goethepieng

Dear John,

yes. it is what i want to fix.
the setting is like attached and i just want to connect my office network 10.71.2.0 thru VPN tunnel . now i can only connect server which GW is back to pfsense like you wrote

but what is detail option 2 you mean and how to setup it?

2nd would be to source nat your vpn connections so that clients see the traffic from vpn clients as IP address of pfsense on that network of the server..

thanks

BR
Arno

open.JPG_thumb

johnpoz

On your outbound nat pick the interface for the network these servers are on, and nat traffic using pfsense interface IP.. Its just like any other outbound nat, but into your lan..

I have gone over source nat multiple times in other posts.. Find one of those..

edit: here is a recent thread where showing doing a source nat
https://forum.pfsense.org/index.php?topic=137152.0