    OpenVPN and NAT newbie question

    NAT
    3
    3
    403
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
eforslund:

I am pretty new to pfSense and have a question I can't seem to figure out. My network has two layer 3 Cisco SG500 series switches (SG500-52P and SG500-28P) and I cannot access the switch GUIs via their interfaces at X.X.X.2 for any of the subnets. This is probably easier fixed via security settings in the switch but that isn't an option at this point as I am remote for a couple weeks and can't get into the switch via GUI or telnet.

      I have a pfSense firewall (running the latest 2.4.2-RELEASE-p1) with the pfSense box functioning as the router as well.

      My LAN is divided into 5 subnets on 4 separate physical interfaces from the pf box to 5 ports on the master switch (SG500-52P):

      192.168.1.0

      192.168.2.0

      192.168.3.0

      192.168.4.0

      192.168.5.0 (5 on same physical interface as 4)

      All interfaces for the 5 subnets are 1.2, 2.2, 3.3 etc. From physically within my LAN, I can ping and access the SG500-52P and 28P switch GUIs from any subnet. My computer has a DHCP (also done by the pfSense box) address of 192.168.1.xxx (usually 182) when physically on the LAN. Again, no issues accessing the switches or pinging any nodes on any subnet- all good.

The issue is when I VPN into the pfSense (using OpenVPN). I understand it is recommended that the subnet/DHCP range for the VPN clients be one that isn't used as a LAN subnet so I set it as 192.168.0.0 with an IP range of 0.2, 0.3, etc. Via the VPN, I can ping and access all nodes on any of the LAN subnets such as NASes on 192.168.2.0 with no problem but cannot ping or access any of the switch GUIs (192.168.x.2) and conversely cannot ping the VPN client from the switch either. I am sure there is a very easy solution that I am overlooking but it is driving me crazy!

      Thanks for any help you can give this poor novice and go easy on me please!

viragomann:

Do the switches have the pfSense internal IP set as gateway?

johnpoz (LAYER 8 Global Moderator):

Just because the switches are layer 3.. Doesn't mean you're using them as that.. If so pfsense would be on a transit network which you make no mention of.. And you state you have 5 interfaces running from pfsense to your switch..

          My guess is you have SVIs setup on your different networks but not really doing routing on the switches?  And viragomann is prob correct you didn't setup a gateway on the switches.

So you have 2 options here.. Set up the gateway on the interface you want to hit when you come from the VPN by remoting into one of your PCs and accessing your switch from that PC.. Or just source NAT your VPN connection so it is on whatever network you're trying to access.

          Or just leave it how it is and access the switches from one of your lan machines when your vpn'd in.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
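The source-NAT option johnpoz describes, written out as pf rules (added example, not from the thread or from pfSense itself). In the pfSense GUI the same thing is a Hybrid Outbound NAT rule under Firewall > NAT > Outbound; the interface names are assumed, the tunnel network 192.168.0.0/24 is the one from the original post.

```pf
# Added example, not from the thread. Assumed names: em1 is the pfSense
# interface on 192.168.1.0/24 (pfSense at 192.168.1.2); the OpenVPN
# tunnel network is 192.168.0.0/24 as in the original post.
lan1_if = "em1"
vpn_net = "192.168.0.0/24"

# Why the switch GUI is unreachable today: a switch SVI with no gateway
# receives a packet from 192.168.0.x, has no route back to that network,
# and the reply is dropped. Hosts on 192.168.2.0/24 answer because the
# client and the NAS share a directly connected segment via pfSense routing.
#
# Translating the VPN source to pfSense's own address on the segment makes
# the switch's reply a directly connected delivery, so no gateway is needed.
nat on $lan1_if inet from $vpn_net to $lan1_if:network -> ($lan1_if)

# Repeat per segment you need to manage from the VPN, e.g. 192.168.2.0/24:
# nat on em2 inet from $vpn_net to em2:network -> (em2)
```

With this rule in place the switch sees pfSense's interface address rather than the VPN client, so the switch's own logs no longer identify which VPN user touched the management interface; the gateway option keeps that attribution.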

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.