Problem: Access OpenVPN Clients from LAN?
-
Hi,
we have OpenVPN (TUN) up and running. Clients can access the LAN without problems.
But we need to access the Clients from our LAN. This is not possible. Not even a ping…
Is there something that we are missing or doing wrong? Or is it by design?
What shall we do to let LAN devices access the OpenVPN clients?Thanks a lot!
-demux -
Hi,
You probably have to push a route into the hosts in your lan saying , " TO JOIN THE CLIENT X you have to go through the gateway " which is an openvpn client too " " And then the OpenVPN Client should take the relay, and forward the packet to the distant client
-
This should be done by the router. It knows where to route the packets that are not part of the LAN's subnet. And this router is the pfsense box.
It does this correctly in one direction (OpenVPN clients -> LAN), but not in the other (LAN -> OpenVPN clients).I can ping the router with both IP addresses: It's own address and it's .1 address from OpenVPN's subnet.
traceroute to an OpenVPN client shows that it goes to the router, but not any further.-demux
-
Don't forget that when attempting to reach clients, the clients must also allow it. For example, Windows firewall will block those incoming connections by default.
The firewall will deliver the packets to those clients by default unless you are policy routing, blocking the traffic, or otherwise preventing the LAN hosts from reaching the OpenVPN clients.
-
Yes, it was the firewall.
After installing Kaspersky there was "another" firewall manager above the Windows firewall.
There I had to add the subnet and add the connection to "Local LAN".Thanks a lot!
-demux