Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] Access local devices over VPN (Yet Another)

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 474 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GuardianOfThePackets
      last edited by

      Okay guys, I SERIOUSLY did not want to ask this question.

      I know there are a thousand and 1 other threads on this but nothing has worked. I may have bonkered my PFsense messing around so much… Here's what I'm dealing with:

      Goal: Connect to VPN with Mac OSX or Android and access any of my LAN web servers on port 80

      LAN: 10.0.0.0/24
      OpenVPN: 10.0.10.0/24

      VPN Client: 10.0.10.2
      Local resource: 10.0.0.20

      All local resources have PFSense as its DF Gateway.

      I CAN access the PFSense over VPN, but can't ping any other device.

      I set up OpenVPN server according to this guide using the wizard and let it create FW rule and NAT rule:
      Guide: https://www.youtube.com/watch?v=7rQ-Tgt3L18

      
server config:
dev ovpns1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
tls-server
server 10.0.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PF_VPN' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float
topology subnet

      Client Config:

      dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
verify-x509-name “PF_VPN" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive

 <ca>-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----</ca> 
 <cert>-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----</cert> 
 <key>-----BEGIN PRIVATE KEY-----
xxxx——END PRIVATE KEY-----</key> 
 <tls-auth>#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxx
-----END OpenVPN Static key V1-----</tls-auth> 
key-direction 1

      Thoughts?

      1 Reply Last reply Reply Quote 0
      • G
        GuardianOfThePackets
        last edited by

        SUCCESS!

        Looks like it was me all along. I had left the /8 mask on my LAN Network. So really I was running 10.0.0.0 255.0.0.0

        I changed my LAN Interface to 10.0.0.0/24, rebooted DHCP devices (or release/renewed) and suddenly I can access all my local devices.

        OI!

        It makes sense to me now because my VPN IP pool was technically WITHIN my LAN network.

        Ever have one of those days? The last 3 were that for me.

        Oi… Hope this helps someone else!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.