4. [Solved] Access local devices over VPN (Yet Another)

[Solved] Access local devices over VPN (Yet Another)

  • G

    Okay guys, I SERIOUSLY did not want to ask this question.

    I know there are a thousand and 1 other threads on this but nothing has worked. I may have bonkered my PFsense messing around so much… Here's what I'm dealing with:

    Goal: Connect to VPN with Mac OSX or Android and access any of my LAN web servers on port 80

    LAN: 10.0.0.0/24
    OpenVPN: 10.0.10.0/24

    VPN Client: 10.0.10.2
    Local resource: 10.0.0.20

    All local resources have PFSense as its DF Gateway.

    I CAN access the PFSense over VPN, but can't ping any other device.

    I set up OpenVPN server according to this guide using the wizard and let it create FW rule and NAT rule:
    Guide: https://www.youtube.com/watch?v=7rQ-Tgt3L18

    
server config:
dev ovpns1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
tls-server
server 10.0.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PF_VPN' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float
topology subnet

    Client Config:

    dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
verify-x509-name “PF_VPN" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive

 <ca>-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----</ca> 
 <cert>-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----</cert> 
 <key>-----BEGIN PRIVATE KEY-----
xxxx——END PRIVATE KEY-----</key> 
 <tls-auth>#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxx
-----END OpenVPN Static key V1-----</tls-auth> 
key-direction 1

    Thoughts?

    0
  • G

    SUCCESS!

    Looks like it was me all along. I had left the /8 mask on my LAN Network. So really I was running 10.0.0.0 255.0.0.0

    I changed my LAN Interface to 10.0.0.0/24, rebooted DHCP devices (or release/renewed) and suddenly I can access all my local devices.

    OI!

    It makes sense to me now because my VPN IP pool was technically WITHIN my LAN network.

    Ever have one of those days? The last 3 were that for me.

    Oi… Hope this helps someone else!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy