4. OpenVPN: cannot reach local network

OpenVPN: cannot reach local network

  • S

    hello,

    we use pfsense 2.3.3-RELEASE-p1

    we configured OpenVPN following standard guide https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

    our config are:

    • IPv4 Tunnel Network: 10.5.0.0/24
    • Local network: 10.0.0.0/16

    VPN goes UP without error, IP assigned at vpn client is 10.5.0.3 and we can:

    1. from pfsense ping VPN client on 10.5.0.3
    2. from pfsense ping all server on Local network
    3. from VPN client ping pfsense on 10.5.0.1
    4. from VPN client ping pfsense on IP that pfsense has on Local network 10.0.0.38

    we have created rule to permit any traffic from openVPN

    from VPN client it's not possible to ping any server on local network, for example trying to ping 10.0.6.1 on filter.log we see:

    May  5 08:57:15 pfSense filterlog: 76,16777216,,1493817024,ovpns1,match,pass,in,4,0x0,,64,34924,0,none,1,icmp,84,10.5.0.3,10.0.6.1,request,13093,064

    but ping don't work

    can you help me?

    Thank you

    0
  • V

    @Stefano:

    from VPN client it's not possible to ping any server on local network, for example trying to ping 10.0.6.1

    Is pfSense the default gateway on 10.0.6.1?

    0
  • S

    @viragomann:

    @Stefano:

    from VPN client it's not possible to ping any server on local network, for example trying to ping 10.0.6.1

    Is pfSense the default gateway on 10.0.6.1?

    Thank you

    We have already discovered that this is the problem, if we set pfsense as default GW all work, but in our net we can't set it as default GW.

    How we can reach through VPN hosts with a different default GW?

    Thanks.

    0
  • V

    You can achieve it with NAT.

    Go to Firewall > NAT > Outbound
    If the rule generation mode is set to Automatic set it to Hybrid and save the settings.
    Then add a new rule:
    Interface LAN
    Source: 10.5.0.0/24 (the VPN tunnel subnet)
    The other settings should stay on their defaults, enter a description and save it.

    0
  • S

    @viragomann:

    You can achieve it with NAT.

    Go to Firewall > NAT > Outbound
    If the rule generation mode is set to Automatic set it to Hybrid and save the settings.
    Then add a new rule:
    Interface LAN
    Source: 10.5.0.0/24 (the VPN tunnel subnet)
    The other settings should stay on their defaults, enter a description and save it.

    perfect!

    Thanks a lot

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy