Netgate Discussion Forum

    PFsense Remote access OpenVPN - Communicate with host but nothing else.

    OpenVPN
      sentein

      Okay, I set up my first pfSense 3 days ago. I have successfully created an OpenVPN tun with communication from remote to host and back. I can log in to pfSense remotely and make any changes I want without issue. I can ping my router/firewall without fail. I cannot ping or log in via IP to either of my network servers. These servers are both on the same subnet as pfSense, with static IPs set at both servers. My DHCP starts in a range well above the servers. I can easily log in to pfSense or either of my servers while at the physical location. I used the OpenVPN wizard to set this up. I have been tinkering with this VPN for 2 days thus far. It seems like I am missing something that should be very simple.

      PF: 192.168.10.1/24
      SR1: 192.168.10.10/24
      SR2: 192.168.10.12/24

      Working Tun
      10.0.10.0/24
      10.0.10.2 can actively connect to 192.168.10.1, changing settings in pfSense - Ping = 55ms avg
      This cannot connect to 192.168.10.10 or 12

      My bet at this point is that what I would like to do is not possible without either a plugin or some serious config changes. I am looking to have every VPN client either gain a DHCP address from the main machine, so I can have communication with the machines on my home network from anywhere, or have any IP doled out by the VPN get an associated virtual IP that is a DHCP IP in my home network's subnet, so that I can keep the integrity of the VPN with the ability to connect to any machine. I do understand that the second option would need to have associated IP tables to make it all work.

      Does anyone have any thoughts on the network communication problems in paragraph one? If not, is there any way to make anything in the second paragraph work? I do know the second paragraph seems a bit unreasonable. I have been racking my brain for 2 days and it might now be mush. Please do not rip on me too bad.

        viragomann

        I assume the pfSense is not the default gateway on the servers. ???
        If it isn't and should never become one, you can only solve this issue by NATing the packets to the pfSense LAN address. This is okay if you're the only VPN user, because doing that, you cannot distinguish different users on the destination device.

          sentein

          Both servers do use 192.168.10.1 as their default gateway address. The firewall rules installed by the OpenVPN wizard look like they are the same as in every other config I have read about or watched a video on. Are there any plugins or modules that would adversely affect the way the VPN communicates through the host? The host, also being the gateway, should redirect packets back through the VPN that they are sent from, correct? I am starting to wonder if my packets are making it to the machines but are not being routed back properly?

            viragomann

            If pfSense is the default gateway, response packets should correctly be routed back.

            Check if the servers block the access with their own firewall.

            To see what's going on, you can sniff the traffic on pfSense in Diagnostics > Packet Capture.
            Select the interface which the servers are connected to, set other filters if you want and start the capture. Try to access the server from the VPN client and stop the capture to see the packets.
            You should at least see the requests, since pfSense should pass them, because the wizard sets an allow any to any rule.

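The capture check suggested in the last reply can be read off mechanically. The following is an added example, not part of the thread or of pfSense: it assumes the capture is viewed as tcpdump-style text, uses the tunnel network and server addresses quoted in the first post, and runs on a constructed sample capture; the function names are hypothetical.

```python
import re
from ipaddress import ip_address, ip_network

TUNNEL = ip_network("10.0.10.0/24")  # OpenVPN tunnel network from the thread

# Constructed sample in tcpdump text format, as if captured on the LAN interface.
SAMPLE = """\
10:01:02.100000 IP 10.0.10.2 > 192.168.10.10: ICMP echo request, id 1, seq 1, length 64
10:01:03.100000 IP 10.0.10.2 > 192.168.10.10: ICMP echo request, id 1, seq 2, length 64
10:01:05.200000 IP 10.0.10.2.51514 > 192.168.10.12.443: Flags [S], seq 100, win 64240, length 0
10:01:05.201000 IP 192.168.10.12.443 > 10.0.10.2.51514: Flags [S.], seq 200, ack 101, win 65160, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): ")

def host(endpoint):
    """Drop a trailing .port from a tcpdump endpoint such as 10.0.10.2.51514."""
    return ip_address(".".join(endpoint.split(".")[:4]))

def classify(capture, servers):
    """Per server: were tunnel->server requests and server->tunnel replies seen?"""
    seen = {ip_address(s): {"requests": 0, "replies": 0} for s in servers}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not an IPv4 packet line
        src, dst = host(m.group(1)), host(m.group(2))
        if src in TUNNEL and dst in seen:
            seen[dst]["requests"] += 1
        elif src in seen and dst in TUNNEL:
            seen[src]["replies"] += 1
    verdicts = {}
    for server, count in seen.items():
        if count["requests"] == 0:
            verdicts[str(server)] = "no requests on LAN: pfSense is not passing them, check the OpenVPN rules"
        elif count["replies"] == 0:
            verdicts[str(server)] = "requests but no replies: check the server's own firewall and default gateway"
        else:
            verdicts[str(server)] = "replies seen: the path works on the LAN side"
    return verdicts

if __name__ == "__main__":
    for server, verdict in classify(SAMPLE, ["192.168.10.10", "192.168.10.12"]).items():
        print(server, "->", verdict)
```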
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.