[SOLVED] Access VPN Clients from WAN interface
-
Hi All,
I’m looking for some guidance on accessing OpenVPN clients from the WAN interface of a pfSense firewall. I’ve done up a network diagram below for better illustration of what I’m trying to achieve.
I’m looking to have the LAN client 10.0.10.10 be able to access the VPN Client 10.0.20.10.
I have no issues accessing the VPN client from the LAB client.
I have an allow all rule on the WAN interface for testing and if I perform a traceroute from the LAN client, I get the following.
Tracing route to 10.0.20.10 over a maximum of 30 hops
1 2 ms 1 ms 1 ms 10.0.10.1
2 1 ms 1 ms 1 ms 10.0.100.1
3 3 ms 3 ms 1 ms 10.0.50.10
4 * * * Request timed out.
It is hitting the pfSense LAB WAN interface so it looks like there is something I haven’t configured or misconfigured on the LAB pfSense firewall.
I’ve tried everything I can think of with the firewall rules and changing the VPN server setting, changing the routes, changing settings on the OpenVPN interface, however I have had no luck so far. I’ve done some researching on the web however I’ve come up blank. Any assistance or guidance would be greatly appreciated!
Cheers,
Tyler
-
Have you tried adding a static route on the Cisco Router for 10.0.10.0/24 via 10.0.100.10? Is the LAB Client (without VPN) able to reach the LAN Client?
-
You're talking about VPN clients and suddenly:
@TyStosic said in Access VPN Clients from WAN interface:
and changing the VPN server setting
Where is this OpenVPN server in your drawing?
-
-
So did you turn off nat on these pfsense since they are downstream of your natting cisco router... You could route all day to your lab wan IP.. Not going to go anywhere, since you're natting. And out of the box blocks rfc1918 as well..
And what network is the vpn client on that is connecting to your pfSense lab? He is going to have his own local IP as well..
-
Hi @johnpoz
I have NAT enabled on both pfSense firewalls, however as a test I disabled NAT to ensure all natting was handled by the Cisco router and I was still unable to reach the 10.0.20.10 client.
RFC1918 blocking is disabled on all the pfSense interfaces.
I can access all clients on the LAN network of the pfSense LAB with NAT enabled. I also have a static route on the Cisco router for 10.0.15.0/24 via 10.0.50.10 and I can access any host on that network with no issues.
After some more playing around today I got it working.
Firstly I had to assign the ovpns1 interface and enable it under the Interfaces > Interface Assignments.
Then I was required to add the 10.0.100.0/24 network into the “IPv4 Local network(s)” under the OpenVPN Tunnel Settings, however this setting wouldn't apply until a reboot of the pfSense.
Thanks to everyone for the suggestions.
Tyler
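
A sketch of why adding 10.0.100.0/24 to “IPv4 Local network(s)” matters, as an added example that is not part of the original thread: it models the VPN client's routing table and checks which source addresses get their replies sent back through the tunnel. The /24 tunnel network, the addresses 10.0.15.20 and 10.0.100.10, 10.0.15.0/24 being listed beforehand, and a client that does not send all traffic through the VPN are assumptions, not taken from the posts.

```python
import ipaddress

# Assumed (not stated on the page): a /24 tunnel network around the VPN client
# 10.0.20.10, and a client that keeps its own default gateway.
TUNNEL_NET = "10.0.20.0/24"

def client_routes(pushed_networks):
    """Routing table the VPN client ends up with: default route via its own
    local gateway, the tunnel network, plus every pushed 'Local network'."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "local-gateway"),
              (ipaddress.ip_network(TUNNEL_NET), "tunnel")]
    routes += [(ipaddress.ip_network(n), "tunnel") for n in pushed_networks]
    return routes

def reply_path(pushed_networks, source_ip):
    """Longest-prefix match: which way the client sends its reply to source_ip."""
    src = ipaddress.ip_address(source_ip)
    matches = [r for r in client_routes(pushed_networks) if src in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def lost_replies(pushed_networks, sources):
    """Names of sources whose replies leave via the client's local gateway
    instead of the tunnel, so the traceroute dies after the VPN server hop."""
    return sorted(name for name, ip in sources.items()
                  if reply_path(pushed_networks, ip) != "tunnel")

# Constructed sample: source addresses as the VPN client would see them.
# 10.0.100.10 is assumed to be the LAN pfSense WAN address used for NAT.
SOURCES = {
    "LAB client": "10.0.15.20",
    "LAN client, NAT on LAN pfSense": "10.0.100.10",
    "LAN client, NAT disabled": "10.0.10.10",
}

if __name__ == "__main__":
    for label, pushed in [("before", ["10.0.15.0/24"]),
                          ("after", ["10.0.15.0/24", "10.0.100.0/24"])]:
        print(label, "-> lost replies:", lost_replies(pushed, SOURCES))
```

Under this model, a LAN client arriving with its un-NATed 10.0.10.10 address would still need 10.0.10.0/24 listed; listing only the networks that must reach VPN clients keeps the pushed routes minimal.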