Accessing router web interface from LAN

johnpoz

Are you forcing your clients out some vpn interface - what are your rules on your lan, or floating tab? Do you have a vpn client setup to some vpn service?

chrispazz

eheh, you are right.
I have a OpenVPN client configured on pfsense and some subnets are going out via vpn.

If I do a trace route from my pc to the router I can see that the connection exit via vpn gateway...

johnpoz

Well yeah that would cause it ;)

Policy route and allow what you want to access normal routing - before you force it down a vpn gateway..

chrispazz

I tried.

I have set a firewall rule from PC IP address to fritzbox internal address (1921.68.5.254) and the rule is before the main vpn rule but it still goes via vpn....

johnpoz

Well you prob pulled routes from your vpn connection, which you don't do if your going to policy route.

chrispazz

what have I to check for this?

Thank you!

johnpoz

Look at your routing table, look at your vpn client setup - did you check the do not pull routes checkbox? If not then it would pull routes.

chrispazz

Ok, vpn client does not pull routes, I have checked it.

My current routing table is the following:

10.8.3.0/24 10.8.3.1 UGS 0 1500 ovpnc3
10.8.3.1 link#13 UH 8 1500 ovpnc3
10.8.3.19 link#13 UHS 456 16384 lo0
127.0.0.1 link#4 UH 7585 16384 lo0
192.168.5.0/24 link#8 U 11236 1500 em1.90
192.168.5.42 link#8 UHS 0 16384 lo0
192.168.10.0/24 link#7 U 2 1500 em0.10
192.168.10.1 link#7 UHS 0 16384 lo0
192.168.20.0/24 link#11 U 226025 1500 em0.20
192.168.20.1 link#11 UHS 0 16384 lo0
192.168.30.0/24 link#12 U 136670 1500 em0.30
192.168.30.1 link#12 UHS 0 16384 lo0
192.168.70.0/24 link#10 U 9794 1500 em0.70
192.168.70.1 link#10 UHS 0 16384 lo0
192.168.99.0/24 link#1 U 652937 1500 em0
192.168.99.1 link#1 UHS 804 16384 lo0

10.8.3.0 is VPN

chrispazz

I tried also changing the gateway but in trace route it always go for 192.168.5.254 using 10.8.3.0 route.....

johnpoz

Where is your default route? I don't see one..

How would you get anywhere ;)

Post a screen shot of your lan and floating rules - you clearly have a connection there for the 192.168.5.0/24

That you would go out your vpn, would only happen with a forced connection via gateway rule..

Keep in mind if you create a rule to allow the access out your normal path, any states would have to be cleared before that would take effect.

chrispazz

Adding default route and resetting states did the trick!

Thank you very much!