[RESOLVED] Directed to local router instead of my pfSense



  • I've noticed on certain home networks (such as my friend's house) I'll be able to successfully connect to my home network using OpenVPN on any device. Only instead of my pfSense box showing up when trying to access the GUI, the local router is displayed and not my pfSense box that I'm connecting to via OpenVPN. I'm not sure what the problem is but believe it isn't a DNS issue. I have this issue with my IPSec VPN as well and it only happens on select networks. I followed a basic guide and tried pushing my pfSense box for DNS requests when clients connect using OpenVPN but no dice. Even my IPSec VPN is a guide from the pfSense Docs.

    Anyone know what the problem could be?


  • Rebel Alliance Global Moderator

    Huh?? So you're on this remote network, you then create a VPN tunnel to your pfSense box. And you then want to access your pfSense webgui via the IP/FQDN and you get your friend's router's GUI?

    Well, what is the network at your house, and what is the network when you're remote?

    So say your home network is 192.168.1.0/24 and your pfSense IP you use to access your webgui is 192.168.1.1. You're at your buddy's house, whose network also happens to be 192.168.1.0/24 and his router is also on 192.168.1.1.

    You then access 192.168.1.1, it's not going to go down your VPN tunnel to get to network, since it thinks 192.168.1.0/24 is local.

    What is your tunnel network you use btw? I use 10.0.8/24 and 10.0.200/24, one is tcp the other is if connected udp to vpn. The fix here is to use a noncommon IP range for your home network, so the likelihood of coming from a network that is the same IP space as your home network is very slim.

    192.168.0/24 and 192.168.1/24 are very very common - pretty much every single SOHO router out there defaults to one of these as its network. With .1 being the router's IP quite often, .254 is the other common default.

    What I would suggest is you change your home LAN to be something else common, I run 192.168.9.0/24 for example. My other segments are then 192.168.2-8, etc. So it's unlikely for there to be a conflict when on a hotspot somewhere or whatever other network I might be on (hotel for example) that need to VPN back to my network. There is a VAST choice of private IP space, 192.168/16, 10/8, 172.16/12, pick something off the beaten path and your issue should go away.

    172.29.42.0/24 prob not going to run into such a network anywhere else you might be ;)  Your only concern then is when the place uses an inappropriately large network, like the FULL range of the space..  You wouldn't believe how many idiots use 10/8 as their network for example..
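The overlap described in the reply above can be checked before picking a new home range. This is an added example, not part of the thread: the function names, the `COMMON_REMOTE_LANS` list and the `10.20.30.0/24` sample are constructed for illustration, using only Python's standard `ipaddress` module.

```python
import ipaddress

# Constructed list of LANs a roaming client may land on; these are the
# ranges the thread names as common defaults, plus a full 10/8.
COMMON_REMOTE_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/8"]


def classify(home_lan, remote_lan):
    """Describe how the home LAN collides with the LAN the client sits on."""
    home = ipaddress.ip_network(home_lan)
    remote = ipaddress.ip_network(remote_lan)
    if not home.overlaps(remote):
        return "no-overlap"
    if home == remote:
        return "identical"
    if home.subnet_of(remote):
        return "remote-covers-home"   # e.g. the site uses all of 10/8
    return "home-covers-remote"


def inside_remote_lan(dest_ip, remote_lan):
    """True if dest_ip falls inside the remote site's own network, the
    case where the thread says the client treats the address as local."""
    return ipaddress.ip_address(dest_ip) in ipaddress.ip_network(remote_lan)


def audit(home_lan, gui_ip, remote_lans=COMMON_REMOTE_LANS):
    """Return (remote_lan, verdict, gui_inside_remote) per remote LAN."""
    return [(r, classify(home_lan, r), inside_remote_lan(gui_ip, r))
            for r in remote_lans]


if __name__ == "__main__":
    # Candidate home LANs with the GUI address on .1 (constructed samples).
    for home, gui in [("192.168.1.0/24", "192.168.1.1"),
                      ("172.29.42.0/24", "172.29.42.1"),
                      ("10.20.30.0/24", "10.20.30.1")]:
        print(home)
        for remote, verdict, inside in audit(home, gui):
            print(f"  vs {remote:<15} {verdict:<19} GUI inside remote LAN: {inside}")
```
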



  • Thank you for your reply, and for providing me with a recommendation. Sorry if my post was a little confusing at first. Originally I thought of this but wasn't completely sure, as I have felt that even on a network with the same private IP as my local home network, tunneling thru the VPN still worked for me. I wanted to see if there was something else to try, as changing my local home network would require me to edit all the static IPs I've created :'(