Accessing LAN RDP Computer not possible by OpenVPN
-
SCENERY:
ISP Router:
Network: 10.10.10.0/24
LAN: 10.10.10.1/24
PfSense:
WAN: 10.10.10.11/24
LAN: 172.16.16.16/24
LAN Router:
WAN: 172.16.16.1/24
LAN: 192.168.168.1
Computer with RDP Active:
192.168.168.2
OpenVPN Server:
Tunnel: 192.168.200.0/24 not forced
IPv4 Local Network set to: 192.168.168.0/24
Clients are connecting OK by RDP without OpenVPN.
Clients are connecting OK by OpenVPN but not to the computer with RDP, so I guess it is not a NAT problem but something with routes or VPN NAT in PfSense.
Also I have to say I'm not a master of the networking world, so I would appreciate your suggestions related to the RDP connection trouble and networking.
I've been reading a lot of posts but no solution found yet!
Questions are welcome!
Thanks so much guys!!
-
Easy things can get tricky with 3 routers involved.
What is this "LAN Router" used for? Why can't it be replaced with your pfSense?
In your actual setup (assuming OpenVPN server is running at your pfSense) you need to tell pfSense how to reach this 192.168.168.0/xx network. This can be done with a static route.
Also keep in mind that Windows Firewall blocks anything outside local/known networks. So for testing disable it at your RDP server.
-Rico
-
Did you try to shut down the MS Firewall?
-
@Rico Thanks so much for your answer. Yes, OpenVPN is running in PfSense. I thought about the Windows Firewall at first and I disabled it, but without results.
Yesterday, I realized that I can ping from the client (OpenVPN connection) to the LAN of the PfSense but not to any IP of the 192.168.168.0 network (in the LAN router), so I guess I could need a rule for this purpose, from PfSense LAN to LAN Router (WAN in 172.16.16.0),
but I'm not sure. I've tried this with a rule in the LAN settings of PfSense but with no effect; maybe the rule tested could be wrong!
Also I've tried a static route like push "route 192.168.168.0/24" in the OpenVPN settings but it doesn't work either.
Finally, that's the reason to ask for help here.
Thank you so much!
-
@bootable Thanks for your answer, I replied to the post before. Thanks anyway!
-
You need to add a static route in System > Routing
-Rico
-
@Rico thanks! Do you mean only 1 route, for the 192.168.168.0/24 network? Or do I have to add 2 routes, one for 172.16.16.0/24 and the 192 also?
And I only have 1 gateway for WAN, do I have to add a gateway for LAN?
-
So this downstream router is doing NAT? If so you don't need routes, they won't do anything. If the downstream router is natting, you would need to set up a port forward on that downstream router, and hit its WAN IP to be forwarded to your box behind that router.
If you're not natting, then you run into a problem with asymmetrical traffic, if you have hosts on this 172.16.16/24 network that you need or want to talk to stuff with on the 192.168.168 network. And yeah, you would need a gateway and route set up to this downstream network.
Lots of things come into play if you're not natting that downstream, that need to be taken into account.
-
@johnpoz thanks, gonna try what you said!
I will be in touch...
-
Don't forget also your dest box you're trying to RDP to; more than likely its firewall is not going to allow traffic from the VPN tunnel IP your remote client would be using.
So the host firewall needs to be adjusted to allow the traffic.
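
The checks discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup over the thread's addresses shows where pfSense sends traffic for 192.168.168.2 with and without the static route, whether the LAN router can return traffic to the tunnel network, and whether the host firewall scope admits the tunnel source. Assumptions: the LAN router routes without NAT and uses 172.16.16.16 as its default gateway, the client address 192.168.200.2 is constructed, and the firewall scope is modelled as a list of allowed source networks.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no match."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Addresses are from the thread; the "direct:*" labels are descriptive only.
PFSENSE = [
    ("10.10.10.0/24", "direct:WAN"),
    ("172.16.16.0/24", "direct:LAN"),
    ("192.168.200.0/24", "direct:ovpn"),
    ("0.0.0.0/0", "10.10.10.1"),              # default route via the ISP router
]
STATIC = ("192.168.168.0/24", "172.16.16.1")  # the System > Routing entry

# Assumption: the LAN router routes (no NAT), default gateway is pfSense LAN.
LAN_ROUTER = [
    ("172.16.16.0/24", "direct:WAN"),
    ("192.168.168.0/24", "direct:LAN"),
    ("0.0.0.0/0", "172.16.16.16"),
]

RDP_HOST = "192.168.168.2"
VPN_CLIENT = "192.168.200.2"                  # constructed tunnel address

def diagnose(static_route, fw_scope):
    """Return the problems on the path VPN client -> RDP host and back."""
    problems = []
    table = PFSENSE + ([STATIC] if static_route else [])
    if next_hop(table, RDP_HOST) != "172.16.16.1":
        problems.append("pfSense sends 192.168.168.2 out the WAN default route")
    if next_hop(LAN_ROUTER, VPN_CLIENT) != "172.16.16.16":
        problems.append("LAN router has no return path to the tunnel network")
    src = ipaddress.ip_address(VPN_CLIENT)
    if not any(src in ipaddress.ip_network(n) for n in fw_scope):
        problems.append("host firewall scope excludes the tunnel network")
    return problems

if __name__ == "__main__":
    print(diagnose(False, ["192.168.168.0/24"]))
    print(diagnose(True, ["192.168.168.0/24", "192.168.200.0/24"]))
```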