Netgate Discussion Forum

    OpenVPN: cannot reach local network

      Stefano Sola last edited by

      Hello,

      We use pfSense 2.3.3-RELEASE-p1.

      We configured OpenVPN following the standard guide https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

      Our config is:

      • IPv4 Tunnel Network: 10.5.0.0/24
      • Local network: 10.0.0.0/16

      The VPN goes up without error, the IP assigned to the VPN client is 10.5.0.3, and we can:

      1. from pfSense, ping the VPN client on 10.5.0.3
      2. from pfSense, ping all servers on the local network
      3. from the VPN client, ping pfSense on 10.5.0.1
      4. from the VPN client, ping pfSense on the IP that pfSense has on the local network, 10.0.0.38

      We have created a rule to permit any traffic from OpenVPN.

      From the VPN client it's not possible to ping any server on the local network. For example, trying to ping 10.0.6.1, in filter.log we see:

      May  5 08:57:15 pfSense filterlog: 76,16777216,,1493817024,ovpns1,match,pass,in,4,0x0,,64,34924,0,none,1,icmp,84,10.5.0.3,10.0.6.1,request,13093,064

      but ping doesn't work.

      Can you help me?

      Thank you

        viragomann last edited by

        @Stefano:

        From the VPN client it's not possible to ping any server on the local network, for example trying to ping 10.0.6.1

        Is pfSense the default gateway on 10.0.6.1?

          Stefano Sola last edited by

          @viragomann:

          @Stefano:

          From the VPN client it's not possible to ping any server on the local network, for example trying to ping 10.0.6.1

          Is pfSense the default gateway on 10.0.6.1?

          Thank you

          We have already discovered that this is the problem: if we set pfSense as the default GW everything works, but in our net we can't set it as the default GW.

          How can we reach hosts with a different default GW through the VPN?

          Thanks.

            viragomann last edited by

            You can achieve it with NAT.

            Go to Firewall > NAT > Outbound
            If the rule generation mode is set to Automatic, set it to Hybrid and save the settings.
            Then add a new rule:
            Interface: LAN
            Source: 10.5.0.0/24 (the VPN tunnel subnet)
            The other settings should stay on their defaults; enter a description and save it.

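Added example, not part of the thread or of pfSense itself: it parses the filterlog entry quoted in the first post and models why the reply never returns without the outbound NAT rule. Assumptions: field positions are read off that sample line, the LAN server uses a 10.0.0.0/16 mask, and the NAT rule's default translation is pfSense's LAN address (10.0.0.38).

```python
import ipaddress

# Values taken from the thread.
TUNNEL_NET = ipaddress.ip_network("10.5.0.0/24")
LOCAL_NET = ipaddress.ip_network("10.0.0.0/16")
PFSENSE_LAN_IP = ipaddress.ip_address("10.0.0.38")
# filterlog payload quoted in the first post (text after "filterlog: ").
SAMPLE = ("76,16777216,,1493817024,ovpns1,match,pass,in,4,0x0,,64,34924,0,"
          "none,1,icmp,84,10.5.0.3,10.0.6.1,request,13093,064")

def parse_filterlog_ipv4(payload):
    """Pick the fields used here out of an IPv4 filterlog CSV payload.
    Field positions are an assumption read off the sample line above."""
    f = payload.split(",")
    if len(f) < 20 or f[8] != "4":
        raise ValueError("only IPv4 entries are handled in this sketch")
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": ipaddress.ip_address(f[18]),
            "dst": ipaddress.ip_address(f[19])}

def reply_next_hop(host_net, reply_dst):
    """Model of a LAN host with one connected subnet and a default route."""
    return "on-link" if reply_dst in host_net else "default-gateway"

def diagnose(payload, outbound_nat=False):
    """Return where the LAN server sends its reply for a logged packet."""
    e = parse_filterlog_ipv4(payload)
    if e["action"] != "pass":
        return "blocked-by-firewall"
    if not (e["src"] in TUNNEL_NET and e["dst"] in LOCAL_NET):
        return "not-vpn-to-lan"
    # Assumption: with the outbound NAT rule on LAN, the server sees
    # pfSense's LAN address as the source instead of the tunnel address.
    seen_src = PFSENSE_LAN_IP if outbound_nat else e["src"]
    return reply_next_hop(LOCAL_NET, seen_src)

if __name__ == "__main__":
    print("without NAT:", diagnose(SAMPLE))
    print("with NAT   :", diagnose(SAMPLE, outbound_nat=True))
```

A result of "default-gateway" means the reply leaves through a router that is not pfSense and never re-enters the tunnel; "on-link" means the server answers pfSense directly.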
              Stefano Sola last edited by

              @viragomann:

              You can achieve it with NAT.

              Go to Firewall > NAT > Outbound
              If the rule generation mode is set to Automatic, set it to Hybrid and save the settings.
              Then add a new rule:
              Interface: LAN
              Source: 10.5.0.0/24 (the VPN tunnel subnet)
              The other settings should stay on their defaults; enter a description and save it.

              Perfect!

              Thanks a lot
