VPN no pasa a mi lan

chpalmer

Ok. I misread. can you show your openvpn firewall rules? Also what do you have for the IP addresses on this page- ?

g_cury

@chpalmer, gracias por interesarte en mi problema. Te adjunto las reglas de firewall.
Tengo 10.34.87.0/ para la red del tunel y 172.16.0.0/16 la lan de mi trabajo

chpalmer

@g_cury said in VPN no pasa a mi lan:

I see a few things that you should fix. One- The WAN rule that you have circled is dangerous in that it allows the whole world access to your network. You should disable it right away.

chpalmer

my work 172.16.0.0/16,

Is your home network 172.16.64.92/16?

These two networks overlap and will not work together.

Either make your networks smaller such as 170.16.0.0/24 and 172.16.64.0/24 or chose another subnet that does not overlap with your work network.

http://www.subnet-calculator.com/

Also- You only need the first rule on your openvpn firewall rule page. The other three are redundant.

g_cury

@chpalmer te agradezco por tu consejo de seguridad, el tema es que estoy intentando poder comunicarme con la lan de la empresa, una vez que lo logre voy a empezar a acotar los permisos. Por eso te agradecería si puedes orientarme en saber que es lo que no me deja pasar de la ip virtual del túnel a la ip de la lan

chpalmer

@g_cury said in VPN no pasa a mi lan:

Is this a road warrior type setup or a site to site setup?

Can you post a screenshot of your VPN setup page? Hide the server side address and any "secret key"..

g_cury

Deberia ser una vlan road warrior. Te paso todas las imagenes de mi configuracion vlan arreglando algunas cosas como me aconsejaste server openvpn.jpg server openvpn_1.jpg server openvpn_2.jpg server openvpn_3.jpg server openvpn_4.jpg server openvpn_5.jpg server openvpn_6.jpg server openvpn_7.jpg server openvpn_8.jpg route print.jpg nat outbound.jpg rule lan.jpg rule openvpn.jpg rule wan.jpg

chpalmer

@g_cury said in VPN no pasa a mi lan:

Ok.. that all looks good at first look. Just to verify.. are you checking from behind your LAN or are you checking from another location? I do not believe it will work with your client behind LAN but Id have to check here on my system..

g_cury

@chpalmer, estoy conectandome desde casa al pfsense que se encuentra en mi trabajo

chpalmer

Is the work primary firewall the pfsense box? Or is it behind another router?

g_cury

@chpalmer no está detrás de un enrutador y el único firewall es el propio de la pc remota