OpenVPN Connected / LAN Gateway Reachable / LAN Clients not so much
-
I’ve been banging my head on this one for about a week now. Need some help.
My OpenVPN client connects with no issue. Once connected, I can reach the LAN gateway, but no other devices on the LAN.
LAN – 10.131.0.0 (pfSense is 10.131.0.1)
OpenVPN – 10.132.6.0 (pfSense is 10.132.6.1)
Once connected, I can ping 10.132.6.1, 10.131.0.1, 8.8.8.8. I cannot ping 10.131.0.11, which is a server on the network. I have confirmed I can ping that server when connected directly to the LAN.
I’ve set this up a couple of times with the wizard and tried several things mentioned in other posts. No luck though. Anyone have any ideas?
Here is some supplementary info:
Trying this with the Windows client exported from pfSense.
Server Config:
vpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
multihome
tls-server
server 10.132.6.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user hbkbkbkjbjkc2U= false server1 33900" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'ville-VPN' 1"
lport 33900
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.131.0.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
persist-remote-ip
float
topology subnet
Client Config:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote (Our WAN IP) 1194 udp
verify-x509-name "ville-VPN" name
auth-user-pass
pkcs12 pfSense-udp-1194-cf.p12
tls-auth pfSense-udp-1194-cf-tls.key 1
remote-cert-tls server
Route Print:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.121 50
10.131.0.0 255.255.255.0 10.132.6.1 10.132.6.2 35
10.132.6.0 255.255.255.0 On-link 10.132.6.2 291
10.132.6.2 255.255.255.255 On-link 10.132.6.2 291
10.132.6.255 255.255.255.255 On-link 10.132.6.2 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.43.0 255.255.255.0 On-link 192.168.43.121 306
192.168.43.121 255.255.255.255 On-link 192.168.43.121 306
192.168.43.255 255.255.255.255 On-link 192.168.43.121 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.132.6.2 291
224.0.0.0 240.0.0.0 On-link 192.168.43.121 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.132.6.2 291
255.255.255.255 255.255.255.255 On-link 192.168.43.121 306
-
Is the pfSense running the VPN server the default gateway on the LAN device?
Check if the system firewall of the server itself blocks the access.
-
Awesome. I could ping the server from the internal LAN, so I didn't think much about the Windows firewall. After turning that Windows firewall off to test, I could access the server over the VPN just fine. I turned the firewall back on and added a rule allowing incoming traffic from my OpenVPN IP range. We're all good now. Thanks for the help!
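-
The two checks from the reply (default gateway, host firewall) and the fix from the final post (a firewall rule scoped to the tunnel subnet rather than turning the firewall off), written out as an added example for the Windows server at 10.131.0.11. This is not from the original thread: the addresses are the ones posted above, while the rule names and the TCP ports are assumptions for illustration.

```powershell
# Run in an elevated PowerShell prompt on the LAN server (10.131.0.11 in the thread).
# Addresses come from the thread; rule names and ports are assumptions for this example.

$PfSenseLan = '10.131.0.1'      # pfSense LAN address; the VPN return path needs it as gateway
$VpnSubnet  = '10.132.6.0/24'   # OpenVPN tunnel network ("server 10.132.6.0 255.255.255.0")

# 1. Is pfSense the default gateway on this host? If not, replies to 10.132.6.x go
#    to a router with no route back to the tunnel and the ping looks "blocked".
$defaultRoutes = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0'
$defaultRoutes | Select-Object InterfaceAlias, NextHop, RouteMetric | Format-Table -AutoSize
if (-not ($defaultRoutes.NextHop -contains $PfSenseLan)) {
    Write-Warning "Default gateway is not $PfSenseLan; add a route for $VpnSubnet via $PfSenseLan or fix the gateway."
}

# 2. Check the firewall profiles. Inbound defaults to Block on every profile, so a
#    peer on a foreign subnet is dropped even though LAN peers (matched by the
#    built-in 'Local subnet' scope of the default rules) get through.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# 3. Instead of disabling the firewall, allow only the tunnel subnet:
#    ICMPv4 echo request (type 8) so ping works, plus the services you actually
#    need from the VPN (445/3389 are placeholders; narrow them to what you use).
New-NetFirewallRule -DisplayName 'OpenVPN clients - ICMP echo' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any

New-NetFirewallRule -DisplayName 'OpenVPN clients - services' `
    -Direction Inbound -Protocol TCP -LocalPort 445,3389 `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any

# 4. Confirm the rules exist, are enabled, and are scoped to the tunnel only.
Get-NetFirewallRule -DisplayName 'OpenVPN clients*' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Action        = $_.Action
            RemoteAddress = $addr.RemoteAddress
        }
    } | Format-Table -AutoSize
```

Scoping with -RemoteAddress is the point: a blanket "allow inbound" would expose the server to every network the host ever joins, while a rule limited to 10.132.6.0/24 only admits authenticated OpenVPN clients. If the default-gateway check in step 1 fails, the fix belongs on the server's routing (or on pfSense as the gateway), not in the firewall.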