Netgate Discussion Forum
    [Solved] Access local devices over VPN (Yet Another)

    OpenVPN
    2 Posts 1 Posters 474 Views
      GuardianOfThePackets

      Okay guys, I SERIOUSLY did not want to ask this question.

      I know there are a thousand and one other threads on this, but nothing has worked. I may have bonkered my pfSense messing around so much... Here's what I'm dealing with:

      Goal: Connect to the VPN from Mac OS X or Android and access any of my LAN web servers on port 80

      LAN: 10.0.0.0/24
      OpenVPN: 10.0.10.0/24

      VPN Client: 10.0.10.2
      Local resource: 10.0.0.20

      All local resources have pfSense as their default gateway.

      I CAN access the pfSense over the VPN, but can't ping any other device.

      I set up the OpenVPN server according to this guide, using the wizard, and let it create the FW rule and NAT rule:
      Guide: https://www.youtube.com/watch?v=7rQ-Tgt3L18

      Server config:

      dev ovpns1
      verb 3
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      multihome
      tls-server
      server 10.0.10.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server1
      username-as-common-name
      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PF_VPN' 1"
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 5
      push "route 10.0.0.0 255.255.255.0"
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      push "dhcp-option DNS 208.67.222.222"
      push "dhcp-option DNS 208.67.220.220"
      client-to-client
      duplicate-cn
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      ncp-ciphers AES-256-GCM:AES-128-GCM
      comp-lzo adaptive
      persist-remote-ip
      float
      topology subnet
      
      

      Client Config:

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote x.x.x.x 1194 udp
      verify-x509-name "PF_VPN" name
      auth-user-pass
      remote-cert-tls server
      comp-lzo adaptive
      
      <ca>
      -----BEGIN CERTIFICATE-----
      xxxx
      -----END CERTIFICATE-----
      </ca>
      <cert>
      -----BEGIN CERTIFICATE-----
      xxxx
      -----END CERTIFICATE-----
      </cert>
      <key>
      -----BEGIN PRIVATE KEY-----
      xxxx
      -----END PRIVATE KEY-----
      </key>
      <tls-auth>
      #
      # 2048 bit OpenVPN static key
      #
      -----BEGIN OpenVPN Static key V1-----
      xxxx
      -----END OpenVPN Static key V1-----
      </tls-auth>
      key-direction 1
      
      

      Thoughts?

        GuardianOfThePackets

        SUCCESS!

        Looks like it was me all along. I had left the /8 mask on my LAN network. So really I was running 10.0.0.0 255.0.0.0.

        I changed my LAN interface to 10.0.0.0/24, rebooted the DHCP devices (or released/renewed), and suddenly I can access all my local devices.

        OI!

        It makes sense to me now because my VPN IP pool was technically WITHIN my LAN network.

        Ever have one of those days? The last 3 were that for me.

        Oi… Hope this helps someone else!

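The root cause in the second post (a /8 on the LAN interface, so the 10.0.10.0/24 tunnel network sat inside the LAN network) and the symptom in the first post (pfSense reachable over the VPN, LAN hosts not) can be reproduced with a few lines of Python. This is an added example, not code from the thread or from pfSense; the addresses come from the posts, while the pfSense LAN address 10.0.0.1 and the single-interface, default-route-only host model are assumptions used only for illustration.

```python
"""Added example: why a /8 on the LAN breaks a 10.0.10.0/24 OpenVPN tunnel.

Addresses are taken from the forum thread. The pfSense LAN address is not
stated there; 10.0.0.1 is an assumption used only for illustration.
"""
import ipaddress
from itertools import combinations

LAN_NET = "10.0.0.0/24"      # the corrected LAN network
VPN_NET = "10.0.10.0/24"     # OpenVPN tunnel network ("server 10.0.10.0 255.255.255.0")
VPN_CLIENT = "10.0.10.2"
LAN_HOST = "10.0.0.20"
LAN_GATEWAY = "10.0.0.1"     # assumed pfSense LAN address


def next_hop(host_ip, prefixlen, default_gw, dst):
    """Forwarding decision of a host with one interface and a default route.

    Anything inside the host's own interface network is treated as on-link:
    the host ARPs for it directly instead of using the gateway. Everything
    else goes to the default gateway. Returns ("on-link", dst) or
    ("gateway", default_gw).
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{prefixlen}")
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in iface.network:
        return ("on-link", str(dst_ip))
    return ("gateway", str(default_gw))


def reply_path(lan_prefixlen, lan_host=LAN_HOST, gw=LAN_GATEWAY, client=VPN_CLIENT):
    """Path the LAN host's reply to the VPN client takes, given the LAN mask
    the host learned (for example via pfSense DHCP)."""
    return next_hop(lan_host, lan_prefixlen, gw, client)


def longest_prefix_match(routes, dst):
    """Minimal routing-table lookup: the matching route with the longest
    prefix wins. `routes` is a list of (network, interface) tuples."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        n = ipaddress.ip_network(net, strict=False)
        if dst_ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, iface)
    return best[1] if best else None


def overlapping_networks(nets):
    """Pre-flight check before picking a tunnel network: return every pair
    of networks that overlap. The tunnel network must overlap none of the
    firewall's interface networks."""
    parsed = [ipaddress.ip_network(n, strict=False) for n in nets]
    return [(str(a), str(b)) for a, b in combinations(parsed, 2) if a.overlaps(b)]


if __name__ == "__main__":
    # pfSense itself: its tun route is more specific than the LAN route, so
    # it reaches the client even with the /8 mistake. That is why the poster
    # could reach pfSense but nothing behind it.
    for lan in ("10.0.0.0/8", LAN_NET):
        routes = [(lan, "LAN"), (VPN_NET, "ovpns1")]
        print(f"pfSense LAN {lan:<12} -> {VPN_CLIENT} via {longest_prefix_match(routes, VPN_CLIENT)}")

    # The LAN host: with a /8 it believes 10.0.10.2 is on its own segment,
    # ARPs for it on the LAN, gets no answer, and the reply never reaches
    # pfSense. With a /24 the reply goes to the gateway and is routed back
    # over the tunnel.
    for plen in (8, 24):
        print(f"LAN host /{plen}: reply to {VPN_CLIENT} goes {reply_path(plen)}")

    print("overlaps with /8 :", overlapping_networks(["10.0.0.0/8", VPN_NET]))
    print("overlaps with /24:", overlapping_networks([LAN_NET, VPN_NET]))
```

The practical check this encodes: when a VPN client can reach the firewall but nothing behind it, look at the mask the LAN hosts actually hold (their own interface configuration, not just the firewall's), and confirm that the tunnel network overlaps none of the firewall's interface networks. Fixing the interface on pfSense alone is not enough; hosts keep their old DHCP mask until they renew, which is why the poster had to reboot or release/renew them.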
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.