Issues with accessing certain subnets when remotely connected through OpenVPN server
-
Hi All
I have my home network set up as follows:-
LAN 192.168.1.0/24 - router then switch
SVR 10.10.10.1/24 - A DMZ containing a single internet facing server. Plugged directly into my router ethernet
DMZ 192.168.69.1/24 - A DMZ only containing 1 server that's only accessible locally from within the Local area network. Set up on a VLAN on switch.
An OpenVPN server is set up on the 192.168.2.0/24 subnet.
There is also a VPN group which the bulk of my traffic goes out over (2x connections to ExpressVPN). Selected traffic goes out via my ISP, such as gaming consoles and some internet-enabled TVs.
When working locally I have rules to access any subnet from LAN, but reject any traffic from SVR and DMZ interfaces to any other interface (for DMZ behaviour). Everything works as required.
I can connect to the OpenVPN server and access any machines on the LAN interface (i.e. using VNC or SSH) (without any rules on the OpenVPN interface apart from allow all), but cannot seem to work out what rules I need to access servers on SVR and DMZ (SSH and via VNC).
Firewall rules set up as follows:-
Floating
WAN
LAN
DMZ
VPN1/2 are blanks with no rules.
SVR
OpenVPN
NAT/Port forwards
NAT/Outbound (not really sure if I needed all these, but hey it works).
Let me know if anything else is required/helps
-
For anyone else that follows, the issue/solution was actually nothing to do with firewall rules; instead, you need to specify the local networks that are accessible in the OpenVPN server configuration!
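
As an added example (not part of the original posts), the check below finds which local subnets a server config never announces to clients. In a plain OpenVPN server config, reachable local networks are sent to clients as `push "route ..."` directives; the subnets are the ones listed in the first post, while the sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Subnets as written in the first post (host bits set; normalised below).
LOCAL_SUBNETS = {"LAN": "192.168.1.0/24", "SVR": "10.10.10.1/24", "DMZ": "192.168.69.1/24"}

# Constructed sample: a server config that only pushes the LAN route.
SAMPLE_CONFIG = '''
server 192.168.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
# push "route 10.10.10.0 255.255.255.0"
'''

PUSH_ROUTE = re.compile(r'push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?')


def pushed_routes(config_text):
    """Return the networks an OpenVPN server config pushes to clients."""
    routes = []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue  # commented-out directive, not active
        if re.match(r'push\s+"redirect-gateway\b', line):
            # Full-tunnel clients send everything through the VPN.
            routes.append(ipaddress.ip_network("0.0.0.0/0"))
            continue
        m = PUSH_ROUTE.match(line)
        if m:
            # OpenVPN treats a route with no netmask as a single host.
            mask = m.group(2) or "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return routes


def missing_subnets(config_text, subnets=LOCAL_SUBNETS):
    """Names of local subnets that no pushed route covers."""
    routes = pushed_routes(config_text)
    missing = []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)  # 10.10.10.1/24 -> 10.10.10.0/24
        if not any(net.subnet_of(route) for route in routes):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("Not pushed to clients:", missing_subnets(SAMPLE_CONFIG))
```

A subnet reported as missing is one the client has no route for, so its traffic never enters the tunnel regardless of the firewall rules on the OpenVPN interface.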