Access local pc via openvpn

shetu

Hello
I setup oepnvpn server on vps (centos). Pfsense connect and I can browse. From lan side I can ping oepnvpn server ip but from openvpn server or others openvpn client I can not ping local pc behind pfsense. Where do I start looking?
Openvpn server Ip : 10.8.0.1
Pfsense Ip (vpn Ip) : 10.8.0.2
Pfsense Local Ip : 192.168.10.99
Lan Pc : 192.168.10.100


Openvpn Server :
port 1195
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp" 
crl-verify crl.pem
ca ca.crt
cert server_1uN8x5lUtTuW9IRX.crt
key server_1uN8x5lUtTuW9IRX.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3
# Client Config Directory
client-config-dir /etc/openvpn/ccd


Cleint Config:
client
proto udp
remote *********************************
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_1uN8x5lUtTuW9IRX name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
key-direction 1

```![Openvpn Lan copy.jpg](/public/_imported_attachments_/1/Openvpn Lan copy.jpg)
![Openvpn Lan copy.jpg_thumb](/public/_imported_attachments_/1/Openvpn Lan copy.jpg_thumb)

Stewart

You'll need to create a firewall rule on the OpenVPN tab with that IP range as the source, otherwise it'll be blocked. If you just make that range the source and the destination Any, it should let everything through.

shetu

Hi
Openvpn tab not my vpn client interface?

openvpn_tab.jpg_thumb

johnpoz

Why would you not just run openvpn server on pfsense?

Looks like your trying to use pfsense as client and another client. And then let some client through the common vpn tunnel into devices behind pfsense..

Also keep in mind this client behind pfsense own firewall.. For example out of the box windows would not allow access from your tunnel network.

shetu

My isp did not give me real ip. So I attach a cenos openvpn client. Real ip too much costly here.

johnpoz

So your saying your behind a carrier grade nat and have no way for inbound traffic to your pfsense box.

shetu

Yes and they block sip packet too.

johnpoz

Well let me see… I have a vps running openvpn access server, that pfsense is a client into... Let me see what you have to do allow another client of this openvpn access server running on vps into network behind pfsense...

Should be a simple route.. Give me a bit..

shetu

Hi Johnpoz
Do you get any solution for me?