OpenVPN - connected; can ping FW; no lan access

viragomann

Is pfSense the default gateway in your LAN?

Have you add a firewall pass rule to the OpenVPN interface to allow access?

Do your LAN hosts response to requests from outside their own subnet?
You may check that on pfSense. Go to Diagnostic > Ping. Try a ping to a LAN device with default settings, then change to source IP to OpenVPN and try again.

franco.g

HI vira...

Thanks for getting back too me. Please view below:

I saw that I can't ping it form localhost either.

Yes - pfsense is local gateway on LAN
Screenshots for ping requests, and config.

Screenshot 2019-11-06 at 14.00.16.png

Screenshot 2019-11-06 at 14.01.13.png

Screenshot 2019-11-06 at 14.02.32.png

NogBadTheBad

franco.g

@NogBadTheBad
Yes, we are. It's just for testing and migration purposes. We are replacing 2 old GTA firewalls with pFsense; since the company(GTA) closed down, and there no longer is any support. I did a past setup at a previous employer with pFsense, and OVPN, and some other services which was flawless.

viragomann

@franco-g
And what's about the gateway question?

franco.g

@viragomann
Yes, pFsense is the one, and only gateway on the LAN. Currently this is a stand-alone device on a "lab" environment with one pc connected to the network.

viragomann

So your LAN device doesn't respond if access comes from outside. Check its firewall.

franco.g

@viragomann

I feel like such an idiot. The following rules on the windows machine firewall was disabled: Domain netw; Private netw - but guest/public netw was still enabled. Will remember to put correct parameters in place for the machines.

One question - is it acceptable that I can't ping the device from localhost on pFsense?

johnpoz

@franco-g said in OpenVPN - connected; can ping FW; no lan access:

is it acceptable that I can't ping the device from localhost on pFsense?

Huh? Your trying to ping using the ping gui menu, and selecting localhost as the source? Why would you think that would ping.. You do not nat to the internal networks.. So no it wouldn't work - just use the automatic setting or select the interface for the network the device your trying to ping is on.

viragomann

@franco-g said in OpenVPN - connected; can ping FW; no lan access:

One question - is it acceptable that I can't ping the device from localhost on pFsense?

That's the default behaviour.
localhost is the device itself. So if you select localhost as source the device may respond, but the respond goes to itself and not back to pfSense.

franco.g

@johnpoz
Had a moment of weakness. Confused it with pinging TO localhost in terminal. Rookie booboo like we all do at times.