[Solved] Access local devices over VPN (Yet Another)
-
Okay guys, I SERIOUSLY did not want to ask this question.
I know there are a thousand and 1 other threads on this but nothing has worked. I may have bonkered my PFsense messing around so much… Here's what I'm dealing with:
Goal: Connect to VPN with Mac OSX or Android and access any of my LAN web servers on port 80
LAN: 10.0.0.0/24
OpenVPN: 10.0.10.0/24
VPN Client: 10.0.10.2
Local resource: 10.0.0.20
All local resources have PFSense as its DF Gateway.
I CAN access the PFSense over VPN, but can't ping any other device.
I set up OpenVPN server according to this guide using the wizard and let it create FW rule and NAT rule:
Guide: https://www.youtube.com/watch?v=7rQ-Tgt3L18
server config:
dev ovpns1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
tls-server
server 10.0.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PF_VPN' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float
topology subnet
Client Config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
verify-x509-name "PF_VPN" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive
<ca>
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxx
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxx
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Thoughts?
-
SUCCESS!
Looks like it was me all along. I had left the /8 mask on my LAN Network. So really I was running 10.0.0.0 255.0.0.0
I changed my LAN Interface to 10.0.0.0/24, rebooted DHCP devices (or release/renewed) and suddenly I can access all my local devices.
OI!
It makes sense to me now because my VPN IP pool was technically WITHIN my LAN network.
Ever have one of those days? The last 3 were that for me.
Oi… Hope this helps someone else!
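As an added illustration of the fix described above (example code, not part of the original thread): a small Python check that flags an OpenVPN tunnel network overlapping the LAN subnet, and simulates the forwarding decision a LAN host makes when it replies to a VPN client. The pfSense LAN address 10.0.0.1 is an assumption; the other addresses come from the thread.

```python
import ipaddress

# Values from the thread: the LAN as it was wrongly configured (/8), the LAN
# as fixed (/24), the OpenVPN tunnel network and the VPN client's address.
LAN_WRONG = ipaddress.ip_network("10.0.0.0/8")
LAN_FIXED = ipaddress.ip_network("10.0.0.0/24")
VPN_NET = ipaddress.ip_network("10.0.10.0/24")
VPN_CLIENT = ipaddress.ip_address("10.0.10.2")
GATEWAY = ipaddress.ip_address("10.0.0.1")  # assumed pfSense LAN address


def tunnel_overlaps_lan(lan, vpn):
    """True when the tunnel network lies inside or overlaps the LAN subnet.
    pfSense's wizard does not stop you from doing this, so check it yourself."""
    return lan.overlaps(vpn)


def next_hop(host_net, gateway, dst):
    """Simulate a LAN host's routing decision for a reply packet.

    A host treats any destination inside its own connected subnet as on-link
    and ARPs for it directly; only off-subnet destinations are handed to the
    default gateway. With a /8 mask the VPN client looks on-link, the ARP is
    never answered, and the reply never reaches pfSense or the tunnel."""
    if dst in host_net:
        return "on-link"
    return str(gateway)


def diagnose(lan, vpn, gateway, client):
    """Return a list of findings for a LAN/tunnel pair (empty means OK)."""
    findings = []
    if tunnel_overlaps_lan(lan, vpn):
        findings.append(f"tunnel {vpn} overlaps LAN {lan}")
    if next_hop(lan, gateway, client) == "on-link":
        findings.append(f"LAN hosts will ARP for {client} instead of routing via {gateway}")
    return findings


if __name__ == "__main__":
    for label, lan in (("wrong /8", LAN_WRONG), ("fixed /24", LAN_FIXED)):
        print(label, diagnose(lan, VPN_NET, GATEWAY, VPN_CLIENT) or ["OK"])
```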