[Solved] Access local devices over VPN (Yet Another)



  • Okay guys, I SERIOUSLY did not want to ask this question.

    I know there are a thousand and one other threads on this, but nothing has worked. I may have bonkered my pfSense messing around so much… Here's what I'm dealing with:

    Goal: Connect to VPN with Mac OSX or Android and access any of my LAN web servers on port 80

    LAN: 10.0.0.0/24
    OpenVPN: 10.0.10.0/24

    VPN Client: 10.0.10.2
    Local resource: 10.0.0.20

    All local resources have pfSense as their default gateway.

    I CAN access the pfSense over VPN, but can't ping any other device.

    I set up the OpenVPN server according to this guide using the wizard and let it create the firewall rule and NAT rule:
    Guide: https://www.youtube.com/watch?v=7rQ-Tgt3L18

    
    server config:
    dev ovpns1
    verb 3
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    multihome
    tls-server
    server 10.0.10.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server1
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PF_VPN' 1"
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 10.0.0.0 255.255.255.0"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    client-to-client
    duplicate-cn
    ca /var/etc/openvpn/server1.ca 
    cert /var/etc/openvpn/server1.cert 
    key /var/etc/openvpn/server1.key 
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-ciphers AES-256-GCM:AES-128-GCM
    comp-lzo adaptive
    persist-remote-ip
    float
    topology subnet
    
    

    Client Config:

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote x.x.x.x 1194 udp
    verify-x509-name "PF_VPN" name
    auth-user-pass
    remote-cert-tls server
    comp-lzo adaptive
    
    <ca>
    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    xxxx
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    xxxx
    -----END PRIVATE KEY-----
    </key>
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    xxxx
    -----END OpenVPN Static key V1-----
    </tls-auth>
    key-direction 1
    
    

    Thoughts?



  • SUCCESS!

    Looks like it was me all along. I had left the /8 mask on my LAN network, so really I was running 10.0.0.0 255.0.0.0.

    I changed my LAN interface to 10.0.0.0/24, rebooted the DHCP devices (or released/renewed), and suddenly I can access all my local devices.

    OI!

    It makes sense to me now because my VPN IP pool was technically WITHIN my LAN network.

    Ever have one of those days? The last 3 were that for me.

    Oi… Hope this helps someone else!
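The root cause in the post above is a subnet overlap: with the LAN interface set to 10.0.0.0/8, every LAN host that took its mask from DHCP believed 10.0.10.2 was on its own segment, so replies to the VPN client were ARPed on the LAN instead of being sent to the gateway and back into the tunnel (pfSense itself still answered, since its more specific /24 tunnel route wins on the firewall). The script below is an added example, not code from the thread or from pfSense: it parses the `server` and `push "route ..."` lines of an OpenVPN server config (a constructed excerpt of the one posted) and reports whether the tunnel pool collides with the LAN network, using the /8 and /24 masks from the thread as inputs. The function names and the `check_overlap` return shape are my own.

```python
"""Check an OpenVPN server config for a tunnel pool that overlaps the LAN.

Added example (not from the forum post or pfSense). Parses the
``server`` and ``push "route ..."`` directives and compares them with the
LAN interface network as configured on the firewall.
"""
import ipaddress
import re

# Constructed sample: the routing-relevant lines from the posted server config.
SERVER_CONF = """\
server 10.0.10.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
topology subnet
"""

_SERVER_RE = re.compile(r'^\s*server\s+(\S+)\s+(\S+)\s*$')
_ROUTE_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"\s*$')


def parse_server_conf(text):
    """Return (tunnel_network, [pushed route networks]) from an OpenVPN server config.

    Only ``server <net> <mask>`` and ``push "route <net> <mask>"`` are
    examined; every other directive is ignored.
    """
    tunnel = None
    routes = []
    for line in text.splitlines():
        m = _SERVER_RE.match(line)
        if m:
            # ipaddress accepts dotted netmasks directly: "10.0.10.0/255.255.255.0"
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)
            continue
        m = _ROUTE_RE.match(line)
        if m:
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True))
    if tunnel is None:
        raise ValueError("no 'server' directive found")
    return tunnel, routes


def check_overlap(lan_cidr, conf_text=SERVER_CONF):
    """Compare the LAN interface network against the tunnel pool and pushed routes.

    lan_cidr is the LAN network as configured on the firewall, e.g.
    "10.0.0.0/8" (the broken setting from the thread) or "10.0.0.0/24".
    Returns a dict with the parsed networks and two findings:
      overlap                 - LAN and tunnel pool share addresses (breaks return traffic)
      routes_overlapping_tunnel - pushed routes that would also swallow the tunnel pool
    """
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    tunnel, routes = parse_server_conf(conf_text)
    return {
        "lan": str(lan),
        "tunnel": str(tunnel),
        "pushed_routes": [str(r) for r in routes],
        "overlap": lan.overlaps(tunnel),
        "routes_overlapping_tunnel": [str(r) for r in routes if r.overlaps(tunnel)],
    }


if __name__ == "__main__":
    # The two LAN masks from the thread: /8 collides with 10.0.10.0/24, /24 does not.
    for lan in ("10.0.0.0/8", "10.0.0.0/24"):
        result = check_overlap(lan)
        status = "OVERLAP" if result["overlap"] else "ok"
        print(f"LAN {result['lan']:<13} tunnel {result['tunnel']:<13} {status}")
```

Run it as-is to see the /8 case flagged and the /24 case pass; point `check_overlap` at your own LAN CIDR and the text of the pfSense-generated config (`/var/etc/openvpn/server1.conf` on the firewall) to repeat the check after any interface change. The second finding catches the mirror-image mistake, a pushed route such as `10.0.0.0 255.0.0.0` that would route the tunnel's own addresses back through the tunnel.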

