Access local pc via openvpn
-
Hello
I set up an OpenVPN server on a VPS (CentOS). pfSense connects and I can browse. From the LAN side I can ping the OpenVPN server IP, but from the OpenVPN server or other OpenVPN clients I cannot ping the local PC behind pfSense. Where do I start looking?
Openvpn server Ip : 10.8.0.1
Pfsense Ip (vpn Ip) : 10.8.0.2
Pfsense Local Ip : 192.168.10.99
Lan Pc : 192.168.10.100

Openvpn Server :
```
port 1195
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
crl-verify crl.pem
ca ca.crt
cert server_1uN8x5lUtTuW9IRX.crt
key server_1uN8x5lUtTuW9IRX.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3
# Client Config Directory
client-config-dir /etc/openvpn/ccd
```
Client Config:
```
client
proto udp
remote *********************************
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_1uN8x5lUtTuW9IRX name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
key-direction 1
```
![Openvpn Lan copy.jpg](/public/_imported_attachments_/1/Openvpn Lan copy.jpg)
-
You'll need to create a firewall rule on the OpenVPN tab with that IP range as the source, otherwise it'll be blocked. If you just make that range the source and the destination Any, it should let everything through.
-
Hi
The OpenVPN tab, not my VPN client interface?
-
Why would you not just run openvpn server on pfsense?
Looks like you're trying to use pfsense as client and another client. And then let some client through the common vpn tunnel into devices behind pfsense..
Also keep in mind this client behind pfsense has its own firewall.. For example, out of the box windows would not allow access from your tunnel network.
-
My ISP did not give me a real IP, so I attached a CentOS OpenVPN client. A real IP is too costly here.
-
So you're saying you're behind a carrier-grade NAT and have no way for inbound traffic to your pfsense box.
-
Yes, and they block SIP packets too.
-
Well let me see… I have a vps running openvpn access server, that pfsense is a client into... Let me see what you have to do to allow another client of this openvpn access server running on vps into network behind pfsense...
Should be a simple route.. Give me a bit..
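
Added example, not part of any post in this thread: a small Python check of which OpenVPN routing directives (`route`, `iroute`, pushed `route`) are needed for the 192.168.10.0/24 LAN behind the pfSense client to be reachable, run against the routing-relevant lines of the server config posted above. It assumes the client-config-dir file for pfSense is empty (the thread does not show it), and `<pfsense-client-CN>` is a placeholder for the pfSense certificate's common name.

```python
import ipaddress

# Constructed: routing-relevant lines of the server config posted in the thread.
POSTED_SERVER_CONF = """
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-config-dir /etc/openvpn/ccd
"""

def directives(text):
    """Return [(keyword, args)] for each non-comment line of an OpenVPN config."""
    out = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].replace('"', " ").split()
        if parts:
            out.append((parts[0], parts[1:]))
    return out

def covers(args, lan):
    """True if 'network [netmask]' in args names a subnet that contains lan."""
    try:
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        return lan.subnet_of(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    except (IndexError, ValueError):
        return False

def audit(server_conf, ccd_conf, lan_cidr):
    """List the directives still missing for VPN clients to reach lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr)
    want = f"{lan.network_address} {lan.netmask}"
    srv, ccd = directives(server_conf), directives(ccd_conf)
    missing = []
    # Kernel route on the VPS: send the LAN subnet into the tunnel.
    if not any(k == "route" and covers(a, lan) for k, a in srv):
        missing.append(f"server.conf: route {want}")
    # Internal route: tells OpenVPN which client owns the LAN subnet.
    if not any(k == "iroute" and covers(a, lan) for k, a in ccd):
        missing.append(f"ccd/<pfsense-client-CN>: iroute {want}")
    # Other clients need a path: a pushed route, or redirect-gateway (all traffic).
    pushes = [a for k, a in srv if k == "push"]
    if not any(a[:1] == ["redirect-gateway"] or
               (a[:1] == ["route"] and covers(a[1:], lan)) for a in pushes):
        missing.append(f'server.conf: push "route {want}"')
    return missing

if __name__ == "__main__":
    for item in audit(POSTED_SERVER_CONF, "", "192.168.10.0/24"):
        print("missing:", item)
```

The check covers only OpenVPN routing directives; the pfSense rule on the OpenVPN tab and the LAN PC's own firewall, both raised in the thread, are separate.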
-
Hi Johnpoz
Did you get any solution for me?