Netgate Discussion Forum

[SOLVED] No access to network from VPN with only one WAN

  • T
    tirramissu
    last edited by Oct 19, 2016, 3:41 PM Oct 19, 2016, 9:23 AM

    Hello!
    I need some help with configuring pfSense.

    I've got 2.3.2 pfSense running with a WAN-only interface inside a private LAN.
    There's another firewall which does NAT and forwards UDP 1194 to the pfSense, and this allows me to connect to the pfSense box using VPN.
    There's unlimited access to the private LAN and internet for pfSense.
    The problem is that I can't access any host from the private LAN (using IP), or even pfSense, while I'm connected via OpenVPN. I have set up a rule to allow all traffic from/to OpenVPN.

    Could you tell me what I should do to make the network where pfSense lives accessible from VPN?

    • V
      viragomann
      last edited by Oct 19, 2016, 12:33 PM

      Go to Firewall > NAT > Outbound, select "Disable Outbound" and hit Save.
      Try again.

      • T
        tirramissu
        last edited by Oct 19, 2016, 1:25 PM

        Thank you for the reply!
        Didn't work, I also disabled packet filtering (System > Advanced > Firewall & NAT).
        Now I see packets from the OpenVPN subnet (172.20.0.0/24) on a local network host (192.168.0.0/20), but IP is not tracerouted to the pfSense host. After adding a route for 172.20.0.0/24 via the pfSense IP I could ping both sides, but still no HTTP.

        I think I'm doing it totally wrong…
        Could you tell me how I should do this, please? :)

        • T
          tirramissu
          last edited by Oct 19, 2016, 1:39 PM

          Allowing all traffic on the WAN & OpenVPN interfaces allowed me to enter the pfSense web UI and Darkstat module.
          No luck with 192.168.* ^(

          • V
            viragomann
            last edited by Oct 19, 2016, 1:58 PM

            Yeah! Your pfSense isn't the default gateway, so response packets to requests from VPN clients are directed to the default gateway. A route for this on your router won't be a satisfactory solution. The route has to be added to the destination host(s).

            Another solution is to do outbound NAT and translate outgoing traffic to the interface IP, which is the default for WAN, but has to be set manually for VPN if necessary.
            However, this method has the drawback that you are not able to distinguish the VPN clients on the destination server.

            Also ensure that you have unchecked "Block private networks" in the WAN interface settings.

            • T
              tirramissu
              last edited by Oct 19, 2016, 3:39 PM Oct 19, 2016, 2:45 PM

              Thank you!

              Maybe this will help:

              NAT
              Hybrid Outbound NAT rule generation.

              Firewall
              Be sure to enable TCP/UDP (ICMP or whatever you need) traffic on the OpenVPN interface.
              Allow the same outgoing traffic from the VPN subnet.

              So much fun!
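
Added example, not part of any post in this thread: a small model of the return-path problem viragomann describes and of the two fixes discussed (a static route on the destination host, or outbound NAT on pfSense). The subnets are the ones from the thread; the pfSense, gateway and VPN client addresses are constructed placeholders.

```python
import ipaddress

# Subnets are from the thread; every host address below is a constructed placeholder.
LAN = ipaddress.ip_network("192.168.0.0/20")
VPN = ipaddress.ip_network("172.20.0.0/24")
DEFAULT_GW = ipaddress.ip_address("192.168.0.1")  # assumed: the other firewall
PFSENSE = ipaddress.ip_address("192.168.0.10")    # assumed: pfSense WAN address
VPN_CLIENTS = [ipaddress.ip_address(a) for a in ("172.20.0.2", "172.20.0.3")]
# A LAN host's routing table: connected LAN (on-link, hop None) plus a default route.
BASE_ROUTES = [(LAN, None), (ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]
WITH_STATIC = BASE_ROUTES + [(VPN, PFSENSE)]  # same host with a route for the VPN subnet


def next_hop(routes, dst):
    """Longest-prefix match; an on-link route delivers straight to dst."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop


def source_seen_by_host(client, outbound_nat):
    """With outbound NAT, pfSense rewrites the source to its own interface IP."""
    return PFSENSE if outbound_nat else client


def reply_returns_via_pfsense(host_routes, client, outbound_nat):
    """True when the LAN host sends its reply back to pfSense (symmetric path)."""
    src = source_seen_by_host(client, outbound_nat)
    return next_hop(host_routes, src) == PFSENSE


def scenarios():
    c = VPN_CLIENTS[0]
    return {
        "no NAT, no route": reply_returns_via_pfsense(BASE_ROUTES, c, False),
        "static route on host": reply_returns_via_pfsense(WITH_STATIC, c, False),
        "outbound NAT on pfSense": reply_returns_via_pfsense(BASE_ROUTES, c, True),
    }


def distinct_sources(outbound_nat):
    """How many different VPN client addresses the LAN host can tell apart."""
    return len({source_seen_by_host(c, outbound_nat) for c in VPN_CLIENTS})


if __name__ == "__main__":
    print(scenarios())
    print(distinct_sources(False), distinct_sources(True))
```

In the first scenario the reply is handed to the default gateway instead of pfSense; with NAT both VPN clients collapse to one source address, which is the drawback mentioned for that method.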
