Problems with OPENVPN and VLANs



  • Hi.

    My connection to OpenVPN was done correctly.
    When I connect I assign the IP 192.168.1.1, which is correct in the tunnel.
    I can connect and see pfSense. However, when I connect to a computer or server on a VLAN, it does not let me connect.
    Do you know the solution to be able to connect OPENVPN to a VLAN?
    I appreciate the help and if you need more information let me know.



  • We do not have enough info to offer anything helpful.  From an OpenVPN perspective, the subnet assigned to a vlan is no different than a subnet assigned to a physical interface.  All you need to do is push the appropriate routes to your clients.

    However, when I connect to a computer or server on a VLAN, it does not let me connect.

    Please elaborate.  What are you using to verify connectivity?



  • Hi,

    At the moment I have configured 2 VLANs:

    vlan3 192.168.20.0/24
    vlan4 192.168.30.0/24

    The openvpn configuration is:

    IPv4 Tunnel Network 172.16.0.1/29
    IPv4 Local network(s) 192.168.30.0/24

    The firewall rules are the ones that come by default

    I have not configured any route

    When I use OpenVPN it connects and assigns me DHCP 172.16.0.2.

    The tests I do: ping any computer from VLAN 4, and it does not work.
    Another test is to connect to the switch that I have connected, and I cannot get in.

    If you require images of the configuration, I remain available.



  • You will need to verify a few things:

    • Verify the route for 192.168.30.0/24 is being created on the client

    • Verify the client is launching OpenVPN as administrator

    • Verify the software firewall on the endpoint device is configured to respond to traffic sourced outside of its local subnet, e.g. on Windows devices, this is disabled by default

    • Verify all devices are using pfSense as the default gateway

    • Verify there are no old static routes sending traffic somewhere you don't expect

    Here's what I would do until basic IP connectivity is established:

    • Disable the software firewall on the endpoint device

    • Add an any/any rule to both the LAN and OpenVPN tabs in the firewall section on pfSense

    At this point, if we assume the rest of your OpenVPN config is configured correctly, you should be able to ping everything on the 192.168.30.0/24 subnet.  If not, you're looking at a deep dive into the root cause which would involve a packet capture and posting your server1.conf.
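
The first check in the list above (is the 192.168.30.0/24 route actually on the client?) can be scripted. This is an added example, not part of the original thread: it parses Windows `route print -4` output and reports whether a destination leaves through the tunnel. The two routing tables are constructed samples, and the client LAN 10.0.0.0/24 is an assumption; the tunnel and VLAN subnets are the ones quoted in the thread.

```python
import ipaddress

# Subnets quoted in the thread
TUNNEL = ipaddress.ip_network("172.16.0.1/29", strict=False)  # IPv4 Tunnel Network

# Constructed sample: client table when OpenVPN could not add the pushed route
NO_ROUTE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.50     25
         10.0.0.0    255.255.255.0         On-link        10.0.0.50    281
       172.16.0.0  255.255.255.248         On-link       172.16.0.2    281
"""
# Constructed sample: same table with the pushed VLAN 4 route installed
WITH_ROUTE = NO_ROUTE + \
    "     192.168.30.0    255.255.255.0       172.16.0.1      172.16.0.2    281\n"

def parse_routes(text):
    """Return (network, gateway, interface) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # header and section titles have other widths
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            iface = ipaddress.ip_address(fields[3])
        except ValueError:            # not a route row
            continue
        routes.append((net, fields[2], iface))
    return routes

def best_route(routes, dest):
    """Longest-prefix match, the rule the OS uses to pick a route."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def goes_through_tunnel(routes, dest):
    """True if traffic to dest leaves via an interface inside the tunnel subnet."""
    route = best_route(routes, dest)
    return route is not None and route[2] in TUNNEL

if __name__ == "__main__":
    for name, table in (("no pushed route", NO_ROUTE), ("pushed route", WITH_ROUTE)):
        routes = parse_routes(table)
        # 192.168.30.10 is a hypothetical host on VLAN 4; 192.168.20.10 on VLAN 3
        for host in ("192.168.30.10", "192.168.20.10"):
            print(f"{name}: {host} via tunnel = {goes_through_tunnel(routes, host)}")
```

When the pushed route is missing, the VLAN 4 host falls through to the default route on the local interface, which is the symptom a client sees when it cannot modify its routing table.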



  • Hi,

    This was the problem:

    Verify the client is launching OpenVPN as administrator

    However, to connect to another VLAN I use NAT.
    Is that the right way? With NAT?



  • NAT?

    Why'd you want to use NAT?



  • Connect VLAN 3 to the VPN connection.