    [SOLVED] OpenVPN Remote Access | pfSense Access | Cannot Access LAN

    • J
      jeferson.junior last edited by

      Good morning,

      Scenario:
      pfSense 2.3.4-RELEASE (amd64)
      Installed on VMware ESXi 5.5

      Total WAN interfaces = 2

      3 OpenVPN sites

      01 = Branch peer to peer, port 1190
      02 = Branch peer to peer, port 1180
      03 = Remote Access, port 1194

      LAN IP = 192.168.0.0/24
      pfSense IP = 192.168.0.254
      OpenVPN 03 tunnel IP = 192.168.100.0/29
      IP assigned on the OpenVPN connection = 192.168.100.2

      Note: I followed several tutorials, including this one: https://forum.pfsense.org/index.php?topic=129834.0

      I have a small problem. I have configured an OpenVPN client connection; I can connect, I receive an IP from the connection (192.168.100.2), I can access the web interface and I can successfully ping the pfSense IP (192.168.0.254), but I cannot access the LAN network (192.168.0.0/24).
      I have 2 WANs, and all the configuration is on WAN1 (Firewall Rules, OpenVPN, NAT).

      Do I need to configure a route?

      Note: I have 2 peer-to-peer sites working correctly, and it was not necessary to create routes.

      Note²: Checking the firewall logs, the connections pass; nothing is blocked.
      In Firewall rules there is a rule allowing the VPN network to access the internal network without restriction: IPv4 * * to LAN net
      Checking the rule's logs:

      
      Interface   Protocol    Source            Destination     State               Packets               Bytes
      ovpns3      udp 	  192.168.100.2:10046 -> 192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0        65 B / 0 B 	
      ovpns3      udp 	  192.168.100.2:13670 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0        65 B / 0 B 	
      ovpns3      udp 	  192.168.100.2:29634 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0        64 B / 0 B 	
      ovpns3      udp 	  192.168.100.2:30177 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     59 B / 0 B 	
      ovpns3      udp 	  192.168.100.2:30640 -> 192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     64 B / 0 B 	
      ovpns3      udp 	  192.168.100.2:6678 ->  192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     59 B / 0 B
      
      

      OpenVPN Configuration

      
      General Information
      Server mode:    Remote Access (SSL/TLS + User Auth)
      Backend for authentication: Active Directory
      Protocol:   UDP
      Device mode:    TUN
      Interface:  WAN1
      Local Port: 1194
      
      Cryptographic Settings
      TLS authentication: Checked
      Peer Certificate Authority: CA_OpenVPN
      Server certificate: Cert_OpenVPN_Server
      DH Parameter length (bits): 2048
      Encryption Algorithm: AES-256-CBC
      Auth digest algorithm: SHA256
      Hardware Crypto:    No
      Certificate Depth: One (Client+Server)
      Strict User-CN Matching: Unchecked
      
      Tunnel Settings
      IPv4 Tunnel Network: 192.168.100.0/29
      IPv6 Tunnel Network: -
      Redirect Gateway: Unchecked
      IPv4 Local network(s): 192.168.0.0/24
      IPv6 Local network(s): -
      Concurrent connections:
      Compression: Enabled, Adaptive
      Type-of-Service: Checked
      Inter-client communication: Unchecked
      Duplicate Connection: Unchecked
      Disable IPv6: Checked
      
      Client Settings
      Dynamic IP: Checked
      Address Pool: Checked
      Topology: Subnet -- One IP Address per client in a common Subnet
      
      Advanced Client Settings
      DNS Default Domain: Checked
      DNS Default Domain: meudominio
      DNS Server enable: Checked
      DNS Server 1: 192.168.0.60
      DNS Server 2: 192.168.0.50
      Block Outside DNS: Unchecked
      Force DNS cache update: Unchecked
      NTP Server enable: Unchecked
      NetBIOS enable: Unchecked
      Enable custom port: Unchecked
      
      Advanced Configuration
      Nothing added
      
      

      I ran a packet capture

      
      Packet Capture Options
      Interface: OpenVPN_Client
      Promiscuous: Unchecked
      Address Family: any
      Protocol: any
      Host Address: -
      Port: -
      Packet Length: 0
      Count: 100
      Level of detail: Normal
      Reverse DNS Lookup: Unchecked
      
      

      Packets Captured

      
      10:45:44.004702 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
      10:45:48.654349 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
      10:45:48.671845 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
      10:45:48.835013 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
      10:45:49.009172 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
      10:45:51.245159 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
      10:45:53.661205 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
      10:45:53.674875 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
      10:45:53.841873 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
      10:45:54.026358 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
      10:45:56.253528 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
      10:45:58.638449 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
      10:45:58.682023 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
      10:45:58.682116 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
      10:45:58.863800 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
      10:45:59.015410 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
      10:46:01.249763 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
      10:46:03.630210 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
      10:46:03.669477 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
      10:46:03.681827 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
      10:46:03.857357 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
      10:46:04.028139 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
      10:46:06.256763 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
      10:46:08.030200 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
      10:46:08.675615 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
      10:46:08.684214 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
      10:46:08.687934 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
      10:46:08.858353 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
      10:46:09.025574 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
      10:46:11.033067 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
      10:46:11.252529 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
      10:46:11.252562 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
      10:46:11.252596 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
      10:46:11.257781 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
      10:46:11.292618 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
      10:46:11.549996 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
      10:46:12.292619 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
      10:46:12.546085 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
      10:46:13.037521 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
      10:46:13.656319 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
      10:46:13.682013 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
      10:46:13.692612 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
      10:46:13.878476 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
      10:46:14.037156 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
      10:46:14.314500 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
      10:46:14.543956 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
      10:46:16.048173 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
      10:46:16.256673 IP 192.168.100.2.60227 > 192.168.0.50.53: UDP, length 37
      10:46:16.256705 IP 192.168.100.2.42632 > 192.168.0.50.53: UDP, length 37
      10:46:16.256816 IP 192.168.100.2.46519 > 192.168.0.50.53: UDP, length 37
      10:46:16.258064 IP 192.168.100.2.45443 > 192.168.0.50.53: UDP, length 37
      10:46:18.109490 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
      10:46:18.304995 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
      10:46:18.324530 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
      10:46:18.553209 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
      10:46:18.644932 IP 192.168.100.2.43017 > 192.168.0.60.53: UDP, length 38
      10:46:18.686796 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
      10:46:18.697621 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
      10:46:18.863908 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
      10:46:19.027853 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
      10:46:19.335404 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
      10:46:21.082807 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
      10:46:21.267447 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
      10:46:21.267480 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
      10:46:21.267617 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
      10:46:21.267691 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
      10:46:21.323851 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
      10:46:23.051414 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
      10:46:23.653867 IP 192.168.100.2.55766 > 192.168.0.50.53: UDP, length 38
      10:46:23.701073 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
      10:46:23.701729 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
      10:46:23.869555 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
      10:46:24.043412 IP 192.168.100.2.35269 > 192.168.0.60.53: UDP, length 45
      10:46:24.144075 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.144135 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
      10:46:24.154976 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.155125 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 179
      10:46:24.155159 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
      10:46:24.158416 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
      10:46:24.158438 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
      10:46:24.158445 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 445
      10:46:24.165002 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.165504 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.170297 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.176650 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 126
      10:46:24.176687 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
      10:46:24.177501 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 51
      10:46:24.187966 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:24.188002 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
      10:46:24.188072 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
      10:46:24.190173 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
      10:46:25.345036 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
      10:46:26.044520 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
      10:46:26.158599 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
      10:46:26.158675 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
      10:46:26.167414 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
      10:46:26.167541 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 179
      10:46:26.167571 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
      10:46:26.170166 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
      10:46:26.170186 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
      
      

      I noticed the following under Diagnostics -> Route in pfSense:

      
      Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
      192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
      
      

      Do I need to assign an interface to this OpenVPN connection and create a route?

      Note³: If the information is insufficient, please ask.
      All the IP addresses here are fictitious, but they represent real information.

      • J
        jeferson.junior last edited by

        OpenVPN Remote Access | pfSense Access | LAN not Connecting

        Good afternoon,

        Environment:
        Pfsense 2.3.4-RELEASE (amd64)
        Installed on Vmware ESXI 5.5

        Number of Wan Interfaces = 2

        3 OpenVPN sites

        01 = Affiliate peer to peer port 1190
        02 = Affiliate peer to peer port 1180
        03 = Remote Access  port 1194

        IP LAN = 192.168.0.0/24
        IP pfsense = 192.168.0.254
        IP Tunnel OpenVPN 03 = 192.168.100.0/29
        IP received on the OpenVPN connection = 192.168.100.2

        PS: I followed many tutorials, including this one: https://forum.pfsense.org/index.php?topic=129834.0

        I have a small issue: I set up an OpenVPN client connection, I can connect to it, I get an IP from it (192.168.100.2), and I can access the web interface and get ping responses from pfSense (192.168.0.254), but I can't access the local network (192.168.0.0/24).
        It has 2 WAN interfaces, and all the settings are on the first WAN (Firewall Rules, OpenVPN, NAT).

        Must I set a route for it?

        PS: 2 site-to-site OpenVPN connections are already working correctly, and I didn't set any route.

        PS²: Looking at the firewall logs, the traffic is being accepted; nothing is being blocked.
        In Firewall rules there is a rule allowing the VPN network to access the local network with no restriction: IPv4 * * to LAN net
        Looking at the rule logs:

        
        Interface   Protocol    Source            Destination     State               Packets               Bytes
        ovpns3      udp 	  192.168.100.2:10046 -> 192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0        65 B / 0 B 	
        ovpns3      udp 	  192.168.100.2:13670 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0        65 B / 0 B 	
        ovpns3      udp 	  192.168.100.2:29634 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0        64 B / 0 B 	
        ovpns3      udp 	  192.168.100.2:30177 -> 192.168.0.60:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     59 B / 0 B 	
        ovpns3      udp 	  192.168.100.2:30640 -> 192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     64 B / 0 B 	
        ovpns3      udp 	  192.168.100.2:6678 ->  192.168.0.50:53 	NO_TRAFFIC:SINGLE 	1 / 0 	     59 B / 0 B
        
        

        OpenVPN Setting

        
        General Information
        Server mode:    Remote Access (SSL/TLS + User Auth)
        Backend for authentication: Active Directory
        Protocol:   UDP
        Device mode:    TUN
        Interface:  WAN1
        Local Port: 1194
        
        Cryptographic Settings
        TLS authentication: checked
        Peer Certificate Authority: CA_OpenVPN
        Server certificate: Cert_OpenVPN_Server
        DH Parameter length (bits): 2048
        Encryption Algorithm: AES-256-CBC
        Auth digest algorithm: SHA256
        Hardware Crypto:    No
        Certificate Depth: One (Client+Server)
        Strict User-CN Matching: Unchecked
        
        Tunnel Settings
        IPv4 Tunnel Network: 192.168.100.0/29
        IPv6 Tunnel Network: -
        Redirect Gateway: Unchecked
        IPv4 Local network(s): 192.168.0.0/24
        IPv6 Local network(s): -
        Concurrent connections:
        Compression: Enabled, Adaptive
        Type-of-Service: checked
        Inter-client communication: Unchecked
        Duplicate Connection: Unchecked
        Disable IPv6: checked
        
        Client Settings
        Dynamic IP: checked
        Address Pool: checked
        Topology: Subnet -- One IP Address per client in a common Subnet
        
        Advanced Client Settings
        DNS Default Domain: checked
        DNS Default Domain: mydomain
        DNS Server enable: checked
        DNS Server 1: 192.168.0.60
        DNS Server 2: 192.168.0.50
        Block Outside DNS: Unchecked
        Force DNS cache update: Unchecked
        NTP Server enable: Unchecked
        NetBIOS enable: Unchecked
        Enable custom port: Unchecked
        
        Advanced Configuration
        No change
        
        

        I got a Packet Capture

        
        Packet Capture Options
        Interface: OpenVPN_Client
        Promiscuous: Unchecked
        Address Family: any
        Protocol: any
        Host Address: -
        Port: -
        Packet Length: 0
        Count: 100
        Level of detail: Normal
        Reverse DNS Lookup: Unchecked
        
        

        Packets Captured

        
        10:45:44.004702 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
        10:45:48.654349 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
        10:45:48.671845 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
        10:45:48.835013 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
        10:45:49.009172 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
        10:45:51.245159 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
        10:45:53.661205 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
        10:45:53.674875 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
        10:45:53.841873 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
        10:45:54.026358 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
        10:45:56.253528 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
        10:45:58.638449 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
        10:45:58.682023 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
        10:45:58.682116 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
        10:45:58.863800 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
        10:45:59.015410 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
        10:46:01.249763 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
        10:46:03.630210 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
        10:46:03.669477 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
        10:46:03.681827 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
        10:46:03.857357 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
        10:46:04.028139 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
        10:46:06.256763 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
        10:46:08.030200 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
        10:46:08.675615 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
        10:46:08.684214 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
        10:46:08.687934 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
        10:46:08.858353 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
        10:46:09.025574 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
        10:46:11.033067 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
        10:46:11.252529 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
        10:46:11.252562 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
        10:46:11.252596 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
        10:46:11.257781 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
        10:46:11.292618 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
        10:46:11.549996 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
        10:46:12.292619 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
        10:46:12.546085 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
        10:46:13.037521 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
        10:46:13.656319 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
        10:46:13.682013 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
        10:46:13.692612 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
        10:46:13.878476 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
        10:46:14.037156 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
        10:46:14.314500 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
        10:46:14.543956 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
        10:46:16.048173 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
        10:46:16.256673 IP 192.168.100.2.60227 > 192.168.0.50.53: UDP, length 37
        10:46:16.256705 IP 192.168.100.2.42632 > 192.168.0.50.53: UDP, length 37
        10:46:16.256816 IP 192.168.100.2.46519 > 192.168.0.50.53: UDP, length 37
        10:46:16.258064 IP 192.168.100.2.45443 > 192.168.0.50.53: UDP, length 37
        10:46:18.109490 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
        10:46:18.304995 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
        10:46:18.324530 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
        10:46:18.553209 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
        10:46:18.644932 IP 192.168.100.2.43017 > 192.168.0.60.53: UDP, length 38
        10:46:18.686796 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
        10:46:18.697621 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
        10:46:18.863908 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
        10:46:19.027853 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
        10:46:19.335404 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
        10:46:21.082807 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
        10:46:21.267447 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
        10:46:21.267480 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
        10:46:21.267617 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
        10:46:21.267691 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
        10:46:21.323851 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
        10:46:23.051414 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
        10:46:23.653867 IP 192.168.100.2.55766 > 192.168.0.50.53: UDP, length 38
        10:46:23.701073 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
        10:46:23.701729 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
        10:46:23.869555 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
        10:46:24.043412 IP 192.168.100.2.35269 > 192.168.0.60.53: UDP, length 45
        10:46:24.144075 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.144135 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
        10:46:24.154976 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.155125 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 179
        10:46:24.155159 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
        10:46:24.158416 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
        10:46:24.158438 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
        10:46:24.158445 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 445
        10:46:24.165002 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.165504 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.170297 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.176650 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 126
        10:46:24.176687 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
        10:46:24.177501 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 51
        10:46:24.187966 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:24.188002 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
        10:46:24.188072 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
        10:46:24.190173 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
        10:46:25.345036 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
        10:46:26.044520 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
        10:46:26.158599 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
        10:46:26.158675 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
        10:46:26.167414 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
        10:46:26.167541 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 179
        10:46:26.167571 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
        10:46:26.170166 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
        10:46:26.170186 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
        
        

        I noticed the following in Diagnostics -> Route:

        
        Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
        192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
        
        

        Should I assign an interface to this OpenVPN connection, and create a route?

        PS³: Sorry if the information is too sparse; please feel free to ask anything.
        All the IP addresses here are not real, but they represent real information.

        • C
          chipbr last edited by

          @jeferson.junior:

          I noticed the following under Diagnostics -> Route in pfSense:

          
          Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
          192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
          
          

          Do I need to assign an interface to this OpenVPN connection and create a route?

          Note³: If the information is insufficient, please ask.
          All the IP addresses here are fictitious, but they represent real information.

          Did you allow access (firewall rules) on the ovpns3 interface?

          • B
            Bomsao last edited by

            Good morning,

            You cannot get access from where to where?

            • P
              pskinfra last edited by

              Dear jeferson.junior,

              Try a different network class. E.g.: 10.20.0.0/29

              Regards,
              Whatsapp: 021 9 6403-5250

              --
              E-mail: tleite@bsd.com.br
              Whatsapp: (021) 9 6403-5250

              • B
                Bomsao last edited by

                @pskinfra:

                Dear jeferson.junior,

                The /24 network encompasses the /29 network. The "VLSM" /29 network is just a subnet of the /24.

                For OpenVPN to work it has to be a different network! E.g.: 10.20.0.0/29

                True. Well spotted.

                Regards,
                Whatsapp: 021 9 6403-5250

                • J
                  jeferson.junior last edited by

                  @chipbr:

                  @jeferson.junior:

                  I noticed the following under Diagnostics -> Route in pfSense:

                  
                  Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
                  192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
                  
                  

                  Do I need to assign an interface to this OpenVPN connection and create a route?

                  Note³: If the information is insufficient, please ask.
                  All the IP addresses here are fictitious, but they represent real information.

                  Did you allow access (firewall rules) on the ovpns3 interface?

                  Yes, it is allowed.
                  My question about the quote above concerns the gateway 192.168.100.2, since this is the IP I receive when connecting remotely.

                  
                  Protocol:   IPV4* 
                  Source: 192.168.100.0/29 
                  Port:   *   
                  Destination:    LAN Net
                  Port:  *
                  Gateway:    *
                  Queue:  none
                  
                  

                  and also in the reverse direction (LAN OpenVPN), swapping Source and Destination.

                  • J
                    jeferson.junior last edited by

                    @bomsao:

                    Good morning,

                    You cannot get access from where to where?

                    From the OpenVPN remote access to the LAN; I can access pfSense on its LAN IP.
                    From the LAN to the OpenVPN remote access, access is not possible either, but the firewall logs show no blocking; all connections are passing,
                    so I think it has to do with routing.

                    • J
                      jeferson.junior last edited by

                      @pskinfra:

                      Dear jeferson.junior,

                      Try a different network class. E.g.: 10.20.0.0/29

                      Regards,
                      Whatsapp: 021 9 6403-5250

                      Good afternoon,

                      the IP 192.168.100.0/29 is fictitious; it is in class A (e.g. 10.0.0.0/29)

                      • B
                        Bomsao last edited by

                        Set /30 in the client's tunnel configuration and put the LAN network in the remote network settings.

                        Create an any rule on the OpenVPN interface.

                        • P
                          pskinfra last edited by

                          Dear jeferson.junior,

                          Your pfSense is merely in the broadcast domain (network), and is thus the gateway only for the hosts that you point to it statically.

                          Even though your OpenVPN network (/29) talks to your PF (GW), it will fall back to the network's default gateway, that is, whoever the FW is connecting to (192.168.100.1), so perhaps you should create a static route for your OpenVPN tunnel network on that default GW.

                          For simple and "correct" operation, pfSense should be the network's GW (if the intention is for it to be the firewall and to have centralized administration).

                          Regards,
                          Whatsapp: 021 9 64035250

                          --
                          E-mail: tleite@bsd.com.br
                          Whatsapp: (021) 9 6403-5250

                          • J
                            jeferson.junior last edited by

                            @pskinfra:

                            Dear jeferson.junior,

                            Your pfSense is merely in the broadcast domain (network), and is thus the gateway only for the hosts that you point to it statically.

                            Even though your OpenVPN network (/29) talks to your PF (GW), it will fall back to the network's default gateway, that is, whoever the FW is connecting to (192.168.100.1), so perhaps you should create a static route for your OpenVPN tunnel network on that default GW.

                            For simple and "correct" operation, pfSense should be the network's GW (if the intention is for it to be the firewall and to have centralized administration).

                            Regards,
                            Whatsapp: 021 9 64035250

                            Through carelessness this went unnoticed: pfSense is not the only gateway on the network. I configured the route on the other gateway, pointing the route to the pfSense IP, and everything is working.

                            Thank you all for the help.

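The pattern this thread resolves to (pfSense's own LAN address answers the VPN client, hosts behind it never do, and the fix is a return route on the other gateway) can be read off a tunnel-side capture mechanically. The following is an added example, not code from the posters or from pfSense; the function names, the verdict labels and the embedded sample lines are constructed for illustration, using the thread's own fictitious addresses.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same tcpdump format as the capture in the first post:
# three LAN hosts stay silent, while the firewall's LAN address answers.
SAMPLE_CAPTURE = """\
10:45:44.004702 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
10:45:49.009172 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
10:46:11.292618 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
10:46:12.292619 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
10:46:24.144075 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
10:46:24.144135 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
10:46:24.155125 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 179
10:46:24.158416 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: "
)


def parse_capture(text):
    """Yield (src_ip, dst_ip) for each line that matches the tcpdump format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])


def diagnose(text, tunnel_net, lan_net, firewall_ip):
    """Summarise which LAN addresses answer VPN clients in a tunnel-side capture."""
    tunnel = ipaddress.ip_network(tunnel_net)
    lan = ipaddress.ip_network(lan_net)
    firewall = ipaddress.ip_address(firewall_ip)

    sent = Counter()      # packets from tunnel clients to each LAN address
    answered = Counter()  # packets from each LAN address back to tunnel clients
    for src, dst in parse_capture(text):
        if src in tunnel and dst in lan:
            sent[dst] += 1
        elif src in lan and dst in tunnel:
            answered[src] += 1

    silent = sorted(h for h in sent if answered[h] == 0)
    firewall_replied = answered[firewall] > 0

    if not silent:
        cause = "none"
    elif firewall_replied:
        # Tunnel and rules work (the firewall itself answers), yet hosts behind it
        # do not: most likely their replies leave through a different gateway that
        # has no route to the tunnel network. A host firewall that drops off-subnet
        # sources produces the same picture, so treat this as a lead to verify.
        cause = "asymmetric-return-path"
    else:
        cause = "inconclusive"

    return {
        "silent_hosts": [str(h) for h in silent],
        "firewall_replied": firewall_replied,
        "likely_cause": cause,
        # Route the other gateway needs, in OS-neutral notation (not a command).
        "return_route": (f"{tunnel} via {firewall}"
                         if cause == "asymmetric-return-path" else None),
    }


if __name__ == "__main__":
    result = diagnose(SAMPLE_CAPTURE, "192.168.100.0/29",
                      "192.168.0.0/24", "192.168.0.254")
    for key, value in result.items():
        print(f"{key}: {value}")
```

Running the same check on a capture taken on the LAN interface confirms whether the requests are actually forwarded to the silent hosts.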
                            • empbilly
                              empbilly last edited by

                              Jeferson,

                              Nice that it was solved.

                              Edit your first post and put [SOLVED] at the beginning. :D

                              https://eliasmoraispereira.wordpress.com/
