Netgate Discussion Forum

    Connect external client to internal client with OpenVPN through pfSense Firewall

    OpenVPN | 13 Posts, 4 Posters, 1.2k Views
      bostongeorge @bostongeorge

      @bostongeorge -- Update --
      I did this: took down the firewall in client 1 and the server; now internally all can ping each other, but from client 2 (external) I get this ping answer which says packets received but host unreachable?
      What does that mean?

      54a925ad-53dc-4616-8377-285f4de8f7cc-image.png

        Rico LAYER 8 Rebel Alliance

        Your drawing screams asymmetric traffic flow. Why is Client 2 connected to pfSense WAN and not behind pfSense (LAN)?

        -Rico

          bostongeorge @Rico

          @rico Client 2 is an external client. It is not part of the internal network.
          I need to simulate that client 2 can connect to the server on FTP port 8070.
          Client 1 can connect to the server on FTP port 8070 (but they are on the same LAN segment, so yeah).

          Client 2 has to request to the firewall the possibility to go to server.
          So firewall must allow that.

            Rico LAYER 8 Rebel Alliance

            Consider while testing... connecting a client to the pfSense WAN on an RFC1918 address is not the same as a client connecting from the Internet.
            If you really want to test your local installation, use something like a mobile connection.

            -Rico

              bostongeorge @Rico

              @rico I understand that. I am testing everything using VMs.

              At the moment internally all devices can ping each other, and the external device can ping the internal IP of the firewall, but it cannot ping the internal server or internal PC1.

                tsmalmbe @bostongeorge

                @bostongeorge Don't make your OpenVPN subnet the same as the internal LAN. Begging for issues and problems there. Make it completely different, then add a firewall rule to access whatever you need in the 70-subnet.

                Security Consultant at Mint Security Ltd - www.mintsecurity.fi

                  bostongeorge @tsmalmbe

                  @tsmalmbe You mean that the problem could be here?
                  c4adbdff-62b2-4ce8-9b32-20318b8ea884-image.png

                    tsmalmbe @bostongeorge

                    @bostongeorge That will surely screw up your setup.

                    Security Consultant at Mint Security Ltd - www.mintsecurity.fi

                      bostongeorge @tsmalmbe

                      @tsmalmbe I am now using this setup and all is working. I have followed a guide, so for anyone interested, let me know if you have the same problem (not sure I can post the link here).
                      77580d61-7134-41b9-a5dd-5514e17695a9-image.png

                      I have followed this:

                      CONFIGURATION VM

                      pc real 192.168.0.0
                      FW bridged +Vmnet2 (host only)
                      Server custom Vmnet2
                      Client 1 custom Vmnet2
                      Client 2 bridged

                      IP ADDRESS

                      FW WAN 192.168.0.133
                      FW LAN 192.168.70.1
                      Client1 192.168.70.5
                      Server 192.168.70.230
                      Tunnel 192.168.60.0
                      Client2 192.168.0.137
                      Client 2 vpn 192.168.60.2

                      CONFIG INSTALLATION

                      • Create CA authority
                      • Create server certificate
                      • Create user
                      • Create user certificate
                      • Enable interface
                      • OpenVPN wizard

                      affbebaa-05ed-4e1f-988d-1ba5c2045b0d-image.png

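The two points the thread turns on are tsmalmbe's warning not to reuse the LAN network as the OpenVPN tunnel network and the working address plan posted above. The following is an added example (not from the thread, not pfSense code) that checks such a plan offline: it flags any pair of overlapping networks and any host whose address falls outside the network it is supposed to sit on. The /24 masks and the "broken" plan, in which the tunnel reuses the LAN network, are assumptions constructed from the thread's figures, not values the poster gave.

```python
"""Sanity-check an OpenVPN address plan for overlapping subnets and misplaced hosts.

Added example, not from the thread or from pfSense. Addresses come from the
thread's final working configuration; the /24 masks are assumed, and
BROKEN_PLAN is a constructed reproduction of the mistake the thread warns
about (tunnel network identical to the LAN network).
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed from the thread's working configuration (/24 masks assumed).
WORKING_PLAN: Dict[str, str] = {
    "WAN": "192.168.0.0/24",
    "LAN": "192.168.70.0/24",
    "Tunnel": "192.168.60.0/24",
}

# Constructed: the failing state implied by the thread, tunnel == LAN.
BROKEN_PLAN: Dict[str, str] = {
    "WAN": "192.168.0.0/24",
    "LAN": "192.168.70.0/24",
    "Tunnel": "192.168.70.0/24",
}

# Host address and the network it is meant to live in (from the thread).
HOSTS: Dict[str, Tuple[str, str]] = {
    "FW WAN": ("192.168.0.133", "WAN"),
    "FW LAN": ("192.168.70.1", "LAN"),
    "Client1": ("192.168.70.5", "LAN"),
    "Server": ("192.168.70.230", "LAN"),
    "Client2": ("192.168.0.137", "WAN"),
    "Client2 vpn": ("192.168.60.2", "Tunnel"),
}


def find_overlaps(plan: Dict[str, str]) -> List[str]:
    """Return one finding per pair of networks that overlap.

    Overlap between the tunnel network and a directly attached network gives
    the firewall two routes to the same destinations, so replies can leave by
    the wrong interface: the asymmetric-flow symptom described in the thread.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False) for name, cidr in plan.items()}
    names = sorted(nets)
    findings = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


def find_misplaced_hosts(plan: Dict[str, str], hosts: Dict[str, Tuple[str, str]]) -> List[str]:
    """Return one finding per host whose address is outside its assigned network."""
    findings = []
    for host, (addr, netname) in hosts.items():
        net = ipaddress.ip_network(plan[netname], strict=False)
        if ipaddress.ip_address(addr) not in net:
            findings.append(f"{host} {addr} is not inside {netname} {net}")
    return findings


def check_plan(plan: Dict[str, str], hosts: Dict[str, Tuple[str, str]]) -> List[str]:
    """All findings for a plan; an empty list means the plan passed both checks."""
    return find_overlaps(plan) + find_misplaced_hosts(plan, hosts)


if __name__ == "__main__":
    for label, plan in (("working", WORKING_PLAN), ("broken", BROKEN_PLAN)):
        findings = check_plan(plan, HOSTS)
        print(f"{label} plan: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for line in findings:
            print("  -", line)
```

Running it reports the working plan as clean and the broken plan with two findings: the LAN/tunnel overlap, and the VPN client address 192.168.60.2 no longer belonging to the tunnel network once that network has been set to 192.168.70.0/24.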
                        tsmalmbe

                        You should probably somehow mark this thread as "solved".

                        Security Consultant at Mint Security Ltd - www.mintsecurity.fi

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.