Netgate Discussion Forum

    [Solved] OpenVPN Client to Access Subnet Behind OpenVPN Server

      ghinthsh

      Hi pfSense community, I currently have a pfSense firewall with web filtering.
      I want to add a load balancer with an OpenVPN server as shown:

      My question is: is it possible for a VPN client to access the 192.168.0.0/24 network, such as a NAS / file server?
      Thanks in advance.

        Derelict LAYER 8 Netgate

        All you should have to do is pass traffic from 10.0.10.0/24 inbound on the 192.168.10.2/29 interface. You could have pass any any on the WAN there if that fits your model. The internet would be filtered by the rules on the WAN[12] interfaces on the Load Balancer node.

        You would also need a gateway defined on the Load Balancer node LAN for 192.168.10.2 and a static route for 192.168.0.0/24 to that gateway.

        I am assuming NAT is generally disabled on the Firewall node. You would do your outbound NAT for 192.168.0.0/24 on WAN1 and WAN2 on the Load Balancer node. Any port forwards you need would be there too.

        You solve a significant problem with squid + Multi-WAN there by going to two nodes. Should work great.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          ghinthsh

          I will try your advice when I have free time to set up LB + OpenVPN.

          Thank you Derelict for your time.

            alphameric77

            zz

              Derelict LAYER 8 Netgate

              Your "drawing" makes no sense.

                ghinthsh

                ;D

                  ghinthsh

                  It worked! I did everything you said, and just added to the OpenVPN server Custom Options -> route 192.168.0.0 255.255.255.0; push "route 192.168.0.0 255.255.255.0" to make it work.

                  Again, thanks Derelict :)

                    Derelict LAYER 8 Netgate

                    Glad it worked.

                    Simply adding 192.168.0.0/24 to the local networks on the server should do the same thing and is easier to understand.

                    In fact, the route portion of what you added might cause you trouble down the road. push route is what you want.

                      ghinthsh

                      Noted. I don't know why it's not working without push route; maybe a reboot on the balancer node is needed.

                      I will reconfigure it later.

                        Derelict LAYER 8 Netgate

                        No reboot should be necessary. Adding the network to Local Networks generates a push route.

                        The route command tells pfSense to route traffic for that network into OpenVPN. You don't want that since you want traffic for that network to be sent to 192.168.10.2.

                        The push route tells the server to instruct the clients to install a route so traffic for that network is sent through the tunnel to the server. That is what you want.

                        What version of pfSense?

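Added example, not part of the thread and not pfSense or OpenVPN code: a small checker for the `route` versus `push "route"` distinction explained in the post above, run over the Custom Options text quoted earlier in the thread. The function names and the finding labels are hypothetical, and it assumes directives are separated by semicolons or newlines and that the caller lists the networks that sit on the server side of the tunnel.

```python
import ipaddress
import shlex


def _net(args):
    # OpenVPN's route directive defaults to a host mask when none is given.
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)


def parse_routes(custom_options):
    """Return (local, pushed): networks named by `route` and by `push "route"`."""
    local, pushed = set(), set()
    for raw in custom_options.replace("\n", ";").split(";"):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "push" and len(tokens) == 2:
            inner = tokens[1].split()
            if len(inner) >= 2 and inner[0] == "route":
                pushed.add(_net(inner[1:]))
        elif tokens[0] == "route" and len(tokens) >= 2:
            local.add(_net(tokens[1:]))
    return local, pushed


def audit(custom_options, server_side_nets):
    """Flag server-side networks that are routed into the tunnel or not pushed."""
    local, pushed = parse_routes(custom_options)
    findings = []
    for net in map(ipaddress.ip_network, server_side_nets):
        # A local `route` points the server's own traffic for this network
        # into OpenVPN instead of toward the gateway that really reaches it.
        if any(net.overlaps(r) for r in local):
            findings.append((str(net), "local-route"))
        # Without a pushed route, clients never send this network's traffic
        # through the tunnel (as far as this text alone shows).
        if not any(net.subnet_of(p) for p in pushed):
            findings.append((str(net), "not-pushed"))
    return findings


if __name__ == "__main__":
    # Directive text as posted in the thread.
    posted = 'route 192.168.0.0 255.255.255.0; push "route 192.168.0.0 255.255.255.0"'
    print(audit(posted, ["192.168.0.0/24"]))
```

A network added through the Local Networks field is pushed outside Custom Options, so a "not-pushed" finding only describes the text that was checked.
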
                          ghinthsh

                          pfSense 2.3.2-p1
