How to access OpenVPN roadwarrior clients from LAN
-
@pwnell Since this works without anything special, make sure you are not natting anything relevant to vpn.
-
Well I have no outbound NAT rules apart from the auto created rule, and inbound NAT rules do not seem relevant as they are all on the WAN interface and not OpenVPN.
PS: When I do a tcpdump on pfsense on the Openvpn interface, I can see the LAN packet arriving and being sent to the OpenVPN client IP. I never get anything back from the OpenVPN client.
-
@pwnell Are you sure no firewall is blocking things on client?
I just tried pinging my android phone connected over openvpn from a local lan host and it pings nicely.
Accessing it from pf seems to come from connected network, and windows firewalls tend to allow such connections, but block other subnets
-
I am pretty sure no rules are blocking it. One thing to clarify - not sure if this makes a difference, in my case there are two LAN interfaces, call them LAN1 and LAN2. I want the OpenVPN clients to access LAN2 but not LAN1. I want to access the OpenVPN clients from LAN1.
So in OpenVPN my IPv4 Local network(s) are set to LAN2 only. Not sure if this affects traffic in the other direction.
-
@netblues That last statement is probably it. I will disable the Windows firewall temporarily and see if it is the cause.
-
@pwnell Are you redirecting all networks through openvpn or just a selection? What is the setting on openvpn server?
-
Not sure what you mean. I am not forcing all client traffic through OpenVPN if that is what you mean (Redirect IPv4 Gateway). LAN1 and LAN2 send data out via WAN, unrelated to OpenVPN.
-
@pwnell said in How to access OpenVPN roadwarrior clients from LAN:
So in OpenVPN my IPv4 Local network(s) are set to LAN2 only. Not sure if this affects traffic in the other direction.
Of course it does. Replies to lan1 from your clients end up at their default gateway and not open vpn.
You need to add both lans and filter at the openvpn interface as needed.
-
@netblues said in How to access OpenVPN roadwarrior clients from LAN:
Of course it does. Replies to lan1 from your clients end up at their default gateway and not open vpn.
You need to add both lans and filter at the openvpn interface as needed.
Ok that was it - thanks for your help.
-
@pwnell You are welcome.
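
The routing behaviour resolved in this thread, as an added example that is not part of any post: it models a roadwarrior client's routing table and shows which LAN sources get their replies sent to the client's default gateway instead of the tunnel. All subnets and host addresses are constructed, since the thread gives none, and the function names are hypothetical.

```python
import ipaddress

# Constructed example addressing (the thread gives no subnets).
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.2.0/24")
TUNNEL = ipaddress.ip_network("10.8.0.0/24")


def client_routes(pushed_networks):
    """Routing table of a roadwarrior client without Redirect IPv4 Gateway:
    a default route via its own gateway, the connected tunnel subnet, and one
    route per network listed in 'IPv4 Local network(s)' on the server."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), "default-gw"), (TUNNEL, "vpn")]
    table += [(net, "vpn") for net in pushed_networks]
    return table


def reply_path(table, dest_ip):
    """Longest-prefix match: the next hop the client uses to answer dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(net, hop) for net, hop in table if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def unreachable_sources(pushed_networks, lan_hosts):
    """LAN hosts whose packets reach the client through the tunnel but whose
    replies leave via the client's default gateway and never come back."""
    table = client_routes(pushed_networks)
    return [h for h in lan_hosts if reply_path(table, h) != "vpn"]


if __name__ == "__main__":
    hosts = ["192.168.1.10", "192.168.2.10"]  # constructed LAN1 and LAN2 hosts
    print("LAN2 only pushed :", unreachable_sources([LAN2], hosts))
    print("LAN1+LAN2 pushed :", unreachable_sources([LAN1, LAN2], hosts))
```

Pushing LAN1 makes the return path symmetric; which direction is allowed to initiate connections is then decided by the rules on the OpenVPN interface, as the thread says.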