Can't access LAN!!
-
Would anyone help me figure this out?
I was able to connect to the VPN at home but am unable to ping or access the LAN.
tunnel subnet 192.168.6.0/24
lan subnet 192.168.5.0/24
openvpn-gui ran as administrator
Any help will be appreciated.
Thank you
*** IT WAS WORKING ALL ALONG..MY REAL ISSUE IS I COULD NOT ACCESS LAN CLIENTS WHICH GATEWAY NOT CONFIGURED 192.168.5.1 FOR THE REASON THAT IT SHOULD NOT HAVE AN INTERNET ACCESS..IS THERE A WORKAROUND? ***
-
If this routing table is from the client, you are in the same subnet as the server: 192.168.5.0/24
That can't work.
-
Thanks viragomann for the reply.
You mean it is possible to access 192.168.5.0/24 clients, e.g. 192.168.5.3, which has no gateway (192.158.5.1) configured,
from the VPN tunnel IP?
While trying, I connected to wifi and disabled my LAN adapter.
My wireless subnet is 192.168.1.0/24
-
The hosts at the server's LAN must use the pfSense as default gateway, otherwise you have to add a route to it for VPN or do source NAT at pfSense for VPN connections.
-
"add a route to it for VPN or do source NAT at pfSense for VPN connections."
Can you advise, regarding my existing configuration, how to do that?
Thanks viragomann
-
You have to add the static route to the host which hasn't configured the pfSense as default gateway. How to do this depends on the OS.
Assuming it's Windows, open the cmd and enter
route add -p 192.168.6.0 mask 255.255.255.0 192.168.5.1 metric 2
-
Thanks viragomann
Now I understand.
How about this approach? Can you advise?
"source NAT at pfSense for VPN connections."
-
Since it concerns only one host, I would prefer the routing solution.
If you do NAT, access via VPN to the host seems to come from pfSense because packets get its source IP. If that doesn't matter for you, you may add a NAT rule for that instead.
Go to Firewall > NAT > Outbound; if it is set to automatic rule generation, select hybrid and save it. Then add a new rule
Interface: LAN (this one 192.168.5.3 is connected to)
Source: 192.168.6.0/24 (tunnel subnet)
Destination: 192.168.5.3 or an alias containing all hosts which haven't set pfSense as default GW
Translation address: Interface Address
-
Dear viragomann,
I really appreciate your reply. Done exactly as per your advice, but still the same.
I use wifi, whose subnet is 192.168.3.0/24, and disabled the LAN of my laptop.
*Disregard the destination, which is 192.168.5.0/24; it's not possible to put only 1 IP address, either any or network is the option.
Also added route add -net 192.168.6.0 netmask 255.255.255.0 gw 192.168.5.1 dev eth0:1 on my 192.168.5.3
but still not working. Tried this one
-
The screenshot shows your virtual address is 10.10.10.6! Not one of the tunnel subnet 192.168.0.6/24 you mentioned above.
So if you use another tunnel subnet now, you have to change your route or NAT to fit it as well.
-
Thanks viragomann, it's all working now!!
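
The return-path problem worked through in this thread, as an added example that is not part of the original posts: it models the routing table of the LAN host 192.168.5.3 (no default gateway) and shows where its reply goes with no fix, with the static route, with the outbound NAT rule, and when the client's real tunnel address is 10.10.10.6. The client address 192.168.6.2 and all function names are constructed for illustration.

```python
import ipaddress

PFSENSE_LAN = "192.168.5.1"      # pfSense LAN address, from the thread
TUNNEL_NET = "192.168.6.0/24"    # tunnel subnet, from the thread
ON_LINK = "on-link"

# Routing table of LAN host 192.168.5.3: connected network only, no default gateway.
HOST_ROUTES = [("192.168.5.0/24", ON_LINK)]

# The fix from the thread: tunnel subnet reachable via pfSense's LAN address.
STATIC_ROUTE = [(TUNNEL_NET, PFSENSE_LAN)]


def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway, ON_LINK, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def source_seen(client_ip, snat_source=None):
    """Source address the LAN host sees; an outbound NAT rule on LAN rewrites it."""
    if snat_source and ipaddress.ip_address(client_ip) in ipaddress.ip_network(snat_source):
        return PFSENSE_LAN       # "Translation address: Interface Address"
    return client_ip


def reply_path(client_ip, extra_routes=(), snat_source=None):
    """Where the LAN host sends its reply to a VPN client, or 'no route'."""
    routes = HOST_ROUTES + list(extra_routes)
    return next_hop(routes, source_seen(client_ip, snat_source)) or "no route"


if __name__ == "__main__":
    cases = [
        ("no fix", "192.168.6.2", {}),                                   # constructed client IP
        ("static route", "192.168.6.2", {"extra_routes": STATIC_ROUTE}),
        ("outbound NAT", "192.168.6.2", {"snat_source": TUNNEL_NET}),
        # Client actually got 10.10.10.6: neither fix matches that source.
        ("static route, wrong subnet", "10.10.10.6", {"extra_routes": STATIC_ROUTE}),
        ("outbound NAT, wrong subnet", "10.10.10.6", {"snat_source": TUNNEL_NET}),
    ]
    for label, client, kwargs in cases:
        print(f"{label:28s} client {client:12s} reply via: {reply_path(client, **kwargs)}")
```
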