Cannot access WIFI hosts on OpenVPN
-
Your new "any any" rules on your LAN and WIFI interfaces are pretty much unnecessary.
I'd be more interested in your VPN config. Did you remember to add your WIFI subnet into that config?
Is this a road-warrior setup?
-
Also, what is providing the wifi... Is it some wifi router plugged in via its WAN port to your 192.168.0 network and doing NAT?
-
@chpalmer that's why I said to not mind the unnecessary rules, I will clean those later :)
I did add both subnets to the setting IPv4 Local network(s), separated by a comma, when I created the VPN.
I also added these rules in the custom options based on some suggestions I found in some other post:
It's not a road warrior setup, I'm still testing it for now to get it to work, I left pretty much everything default.
-
@johnpoz I plugged an ASUS GT-AC5300 from the WIFI interface to its WAN port, correct.
I disabled the firewall, left the DHCP, but I tried to disable that and it was not making much difference.
For NAT I can find only these settings, everything is pretty much default, I just disabled the firewall.
-
Your WIFI access point is still doing NAT. Can you go to the WAN tab and see what your options are?
-
@chpalmer This is what I have. NAT is enabled, but if I disable it I notice I cannot browse online anymore from the wifi hosts.
Thank you.
-
Under WAN Connection Type is there an "Access Point Mode" or similar option?
Once you put it in access point mode you will have to reset all your clients behind the WIFI unit.
https://www.asus.com/us/support/FAQ/1015009/
-
So the only way is to set it up in AP Mode? I thought that may do it but wanted to try different options first.
-
@Jin84 said in Cannot access WIFI hosts on OpenVPN:
I thought that may do it but wanted to try different options first.
Like a router after router setup? No way...
Who is doing DHCP here? pfSense or your Wifi router? Should be pfSense. You don't need a router after a router setup, and later on, you don't want a router after pfSense. Just put the Wifi thing in AP mode, and be done with it.
-
I set up the router in AP mode, now I am able to ping the hosts, however it seems I cannot access the AP web UI anymore, I'll try later to assign a static IP.
Thank you!
-
To use a wifi router as just an AP.. You don't need to do anything with their nonsense interface... Just turn off its DHCP server - connect it to your network via one of its LAN ports!!! Set an IP on this LAN port to work on your network.
Most of these nonsense native firmwares do not even allow you to put a gateway on the LAN side interface.. So no, you wouldn't be able to get to it remotely from another network.
Put some 3rd party firmware on it like DD-WRT or OpenWrt... If that doesn't work and it will not allow you to put a gateway on the LAN interface - then source NAT it on pfSense so that traffic going to the AP looks like it comes from the pfSense interface IP in that network.