    Can't connect to another PFsense VM over VPN

      sparkman123

      Hello, I'm having an issue connecting to my pfSense VM when I'm VPN'ed in. Specifically, I have a host box, which is on my LAN, that hosts a number of different VMs (Windows, *nix, etc.). I can talk to all of them when I am externally VPN'ed in, but I cannot connect to a pfSense box when I'm VPN'ed in.

      I have tried giving it different IPs, disabling pf, and adding special firewall rules for the IP that the pfSense box has, and still nothing. I did a tcpdump of the traffic, and I can see that packets from my VPN are getting to the box, but pfSense isn't responding.

      I have no trouble browsing to this box locally.

      I have run out of things to try, so if anyone has any suggestions, please let me know. Thanks.

        viragomann

        So I guess the remote pfSense is not the VPN server you're connecting to.
        If it isn't, it will send responses to its default gateway.
        To avoid that, you will have to add a static route for the VPN tunnel subnet to pfSense to direct response packets back to the VPN server. Alternatively, you can do masquerading on the VPN server on packets going to pfSense.

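The return-path behaviour described in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the pfSense VM's routing table shows where the reply to a VPN client is sent with no static route, with the static route, and with masquerading on the VPN server. All addresses and names are constructed assumptions, including that the VPN server is a LAN host other than the default gateway.

```python
import ipaddress

ON_LINK = "on-link"  # marker for directly connected networks

# Constructed addressing, not from the thread.
LAN_GATEWAY = "192.168.1.1"    # pfSense VM's default gateway
VPN_SERVER = "192.168.1.10"    # LAN address of the OpenVPN server
TUNNEL_NET = "10.8.0.0/24"     # VPN tunnel subnet
VPN_CLIENT = "10.8.0.6"        # a connected VPN client

# Routing table of the pfSense VM before and after adding the static route.
BEFORE = [("0.0.0.0/0", LAN_GATEWAY), ("192.168.1.0/24", ON_LINK)]
AFTER = BEFORE + [(TUNNEL_NET, VPN_SERVER)]


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway)
    return best[1] if best else None


def reply_reaches_vpn_server(routes, seen_source, vpn_server):
    """True when a reply to seen_source is handed to the VPN server."""
    hop = next_hop(routes, seen_source)
    # Either routed via the VPN server, or sent on-link to the VPN server
    # itself (the masquerading case, where it is the packet's source).
    return hop == vpn_server or (hop == ON_LINK and seen_source == vpn_server)


if __name__ == "__main__":
    cases = [
        ("no static route", BEFORE, VPN_CLIENT),
        ("static route for tunnel subnet", AFTER, VPN_CLIENT),
        ("masquerading on VPN server", BEFORE, VPN_SERVER),
    ]
    for label, routes, source in cases:
        ok = reply_reaches_vpn_server(routes, source, VPN_SERVER)
        print(f"{label:32} reply to {source:13} via {next_hop(routes, source):12} "
              f"{'OK' if ok else 'ASYMMETRIC'}")
```
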
          sparkman123

          It's strange that pfSense can't auto-detect this. When I dump the route tables for my other VMs, they don't have a mapping to the VPN subnet either, but they are still able to talk to VPN clients.

          Anyway, this solution worked for me. Thank you.
