Problems with OPENVPN and VLAN's

jorgecardenas9006 · May 23, 2017, 2:18 AM

Hi.

My connection to open vpn was done correctly.
When I connect I assign the ip 192.168.1.1, which is correct in the tunnel.
I can connect and see pfsense. However when I connect to a computer or server a VLAN does not let me connect.
You know the solution to be able to connect OPENVPN to a VLAN.
I appreciate the help and if you need more information let me know.

marvosa · May 23, 2017, 7:56 PM

We do not have enough info to offer anything helpful. From an OpenVPN perspective, the subnet assigned to a vlan is no different than a subnet assigned to a physical interface. All you need to do is push the appropriate routes to your clients.

However when I connect to a computer or server a VLAN does not let me connect.

Please elaborate. What are you using to verify connectivity?

jorgecardenas9006 · May 23, 2017, 9:30 PM

hi

In this moment. I have configured 2 vlans:

vlan3 192.168.20.0/24
vlan4 192.168.30.0/24

The openvpn configuration is:

IPv4 Tunnel Network 172.16.0.1/29
IPv4 Local network(s) 192.168.30.0/24

The firewall rules are the ones that come by default

I have not configured any route

When I use openvpn it enters and assigns me DHCP 172.16.0.2

The tests I do are ping any computer from vlan 4 and it does not work
Another test is to connect to the switch that I have connected and not to enter.

If you require images of the configuration remain pending

marvosa · May 23, 2017, 9:49 PM

You will need to verify a few things:

Verify the route for 192.168.30.0/24 is being created on the client
Verify the client is launching OpenVPN as administrator
Verify the software firewall on the endpoint device is configured to respond to traffic sourced outside of it's local subnet…. e.g. on windows devices, this is disabled by default
Verify all devices are using PFsense as the default gateway
Verify there are no old static routes sending traffic somewhere you don't expect

Here's what I would do until basic IP connectivity is established:

Disable the software firewall on the endpoint device
add an any/any rule to both the LAN and OpenVPN tabs in the firewall section on PFsense

At this point, if we assume the rest of your openvpn config is configured correctly, you should be able to ping everything on the 192.168.30.0/24 subnet. If not, you're looking at a deep dive into the root cause which would involve a packet capture and posting your server1.conf.

jorgecardenas9006 · May 27, 2017, 9:41 PM

Hi,

This was the problem:

Verify the client is launching OpenVPN as administrator

However to connect to another vlan I use nat.
That's the right way ?. With nat

heper · May 27, 2017, 10:56 PM

nat?

why'd you want to use nat ?

jorgecardenas9006 · May 28, 2017, 12:57 AM

Connect the vlan 3 to the vpn connection.