Access local pc via openvpn



  • Hello
    I set up an OpenVPN server on a VPS (CentOS). pfSense connects and I can browse. From the LAN side I can ping the OpenVPN server IP, but from the OpenVPN server or other OpenVPN clients I cannot ping the local PC behind pfSense. Where do I start looking?
    Openvpn server Ip : 10.8.0.1
    Pfsense Ip (vpn Ip) : 10.8.0.2
    Pfsense Local Ip : 192.168.10.99
    Lan Pc : 192.168.10.100

    
    OpenVPN Server:
    ```
    port 1195
    proto udp
    dev tun
    user nobody
    group nobody
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway def1 bypass-dhcp"
    crl-verify crl.pem
    ca ca.crt
    cert server_1uN8x5lUtTuW9IRX.crt
    key server_1uN8x5lUtTuW9IRX.key
    tls-auth tls-auth.key 0
    dh dh.pem
    auth SHA256
    cipher AES-128-CBC
    tls-server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    status openvpn.log
    verb 3
    # Client Config Directory
    client-config-dir /etc/openvpn/ccd
    ```

    Client Config:
    ```
    client
    proto udp
    remote *********************************
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    verify-x509-name server_1uN8x5lUtTuW9IRX name
    auth SHA256
    auth-nocache
    cipher AES-128-CBC
    tls-client
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    setenv opt block-outside-dns
    verb 3
    key-direction 1
    ```

    ![Openvpn Lan copy.jpg](/public/_imported_attachments_/1/Openvpn Lan copy.jpg)


  • You'll need to create a firewall rule on the OpenVPN tab with that IP range as the source, otherwise it'll be blocked.  If you just make that range the source and the destination Any, it should let everything through.



  • Hi
    The OpenVPN tab, not my VPN client interface?



  • Rebel Alliance Global Moderator

    Why would you not just run openvpn server on pfsense?

    Looks like you're trying to use pfsense as a client and another client.  And then let some client through the common vpn tunnel into devices behind pfsense..

    Also keep in mind this client behind pfsense has its own firewall.. For example, out of the box Windows would not allow access from your tunnel network.



  • My ISP did not give me a real IP, so I attached a CentOS OpenVPN client. A real IP is too costly here.


  • Rebel Alliance Global Moderator

    So you're saying you're behind a carrier-grade NAT and have no way for inbound traffic to reach your pfsense box.



  • Yes, and they block SIP packets too.


  • Rebel Alliance Global Moderator

    Well let me see… I have a vps running openvpn access server, that pfsense is a client into... Let me see what you have to do to allow another client of this openvpn access server running on the vps into the network behind pfsense...

    Should be a simple route.. Give me a bit..



  • Hi Johnpoz
    Do you have any solution for me?