OpenVPN: cannot reach local network



  • Hello,

    We use pfSense 2.3.3-RELEASE-p1.

    We configured OpenVPN following the standard guide: https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

    Our config is:

    • IPv4 Tunnel Network: 10.5.0.0/24
    • Local network: 10.0.0.0/16

    The VPN goes up without error, the IP assigned to the VPN client is 10.5.0.3, and we can:

    1. from pfSense, ping the VPN client on 10.5.0.3
    2. from pfSense, ping all servers on the local network
    3. from the VPN client, ping pfSense on 10.5.0.1
    4. from the VPN client, ping pfSense on the IP that pfSense has on the local network, 10.0.0.38

    We have created a rule to permit any traffic from OpenVPN.

    From the VPN client it's not possible to ping any server on the local network; for example, when trying to ping 10.0.6.1, in filter.log we see:

    May  5 08:57:15 pfSense filterlog: 76,16777216,,1493817024,ovpns1,match,pass,in,4,0x0,,64,34924,0,none,1,icmp,84,10.5.0.3,10.0.6.1,request,13093,064

    but ping doesn't work.

    Can you help me?

    Thank you



  • @Stefano:

    From the VPN client it's not possible to ping any server on the local network, for example trying to ping 10.0.6.1

    Is pfSense the default gateway on 10.0.6.1?



  • @viragomann:

    @Stefano:

    From the VPN client it's not possible to ping any server on the local network, for example trying to ping 10.0.6.1

    Is pfSense the default gateway on 10.0.6.1?

    Thank you

    We have already discovered that this is the problem: if we set pfSense as the default GW everything works, but in our net we can't set it as the default GW.

    How can we reach hosts with a different default GW through the VPN?

    Thanks.



  • You can achieve it with NAT.

    Go to Firewall > NAT > Outbound
    If the rule generation mode is set to Automatic, set it to Hybrid and save the settings.
    Then add a new rule:
    Interface LAN
    Source: 10.5.0.0/24 (the VPN tunnel subnet)
    The other settings should stay on their defaults, enter a description and save it.



  • @viragomann:

    You can achieve it with NAT.

    Go to Firewall > NAT > Outbound
    If the rule generation mode is set to Automatic, set it to Hybrid and save the settings.
    Then add a new rule:
    Interface LAN
    Source: 10.5.0.0/24 (the VPN tunnel subnet)
    The other settings should stay on their defaults, enter a description and save it.

    Perfect!

    Thanks a lot
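
An added example, not part of the original thread: it parses the filterlog record quoted above to confirm the firewall passed the echo request, then does the longest-prefix route lookup a LAN host would do for its reply, once for the tunnel source and once for the source it sees after the outbound NAT rule. The host routing table and the other gateway address (10.0.0.1) are constructed assumptions; the thread never names that gateway.

```python
import ipaddress

# Values taken from the thread.
FILTERLOG = ("76,16777216,,1493817024,ovpns1,match,pass,in,4,0x0,,64,34924,0,"
             "none,1,icmp,84,10.5.0.3,10.0.6.1,request,13093,064")
PFSENSE_LAN_IP = "10.0.0.38"
# Constructed assumption: the hosts' real default gateway is not given in the thread.
OTHER_GATEWAY = "10.0.0.1"
# Constructed routing table of a LAN host such as 10.0.6.1:
# (destination network, next hop; None means directly connected).
HOST_ROUTES = [("10.0.0.0/16", None), ("0.0.0.0/0", OTHER_GATEWAY)]


def parse_filterlog(csv_line):
    """Extract the fields used here from a pfSense IPv4 filterlog CSV record."""
    f = csv_line.split(",")
    if f[8] != "4":
        raise ValueError("only IPv4 records are handled")
    return {"iface": f[4], "action": f[6], "direction": f[7],
            "proto": f[16], "src": f[18], "dst": f[19]}


def next_hop(routes, dest_ip):
    """Longest-prefix match: where the host sends a packet addressed to dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if dest in ipaddress.ip_network(net)]
    if not matches:
        return "unreachable"
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw else "on-link"


def reply_reaches_pfsense(routes, seen_src):
    """True if the host's reply to seen_src is delivered to pfSense."""
    hop = next_hop(routes, seen_src)
    return hop == PFSENSE_LAN_IP or (hop == "on-link" and seen_src == PFSENSE_LAN_IP)


def diagnose(csv_line, routes):
    rec = parse_filterlog(csv_line)
    return {
        "passed_by_firewall": rec["action"] == "pass",
        "reply_ok_without_nat": reply_reaches_pfsense(routes, rec["src"]),
        # With the rule's default translation (interface address), the LAN
        # host sees pfSense's LAN IP as the source instead of 10.5.0.3.
        "reply_ok_with_nat": reply_reaches_pfsense(routes, PFSENSE_LAN_IP),
    }


if __name__ == "__main__":
    print(diagnose(FILTERLOG, HOST_ROUTES))
```

The trade-off of the NAT rule is that LAN servers log every VPN client as 10.0.0.38, so per-client attribution has to come from the pfSense and OpenVPN logs.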

