Netgate Discussion Forum

    Access local pc via openvpn

      shetu

      Hello
      I set up an OpenVPN server on a VPS (CentOS). pfSense connects and I can browse. From the LAN side I can ping the OpenVPN server IP, but from the OpenVPN server or other OpenVPN clients I cannot ping the local PC behind pfSense. Where do I start looking?
      Openvpn server Ip : 10.8.0.1
      Pfsense Ip (vpn Ip) : 10.8.0.2
      Pfsense Local Ip : 192.168.10.99
      Lan Pc : 192.168.10.100

      
      Openvpn Server:
      ```
      port 1195
      proto udp
      dev tun
      user nobody
      group nobody
      persist-key
      persist-tun
      keepalive 10 120
      topology subnet
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      push "redirect-gateway def1 bypass-dhcp"
      crl-verify crl.pem
      ca ca.crt
      cert server_1uN8x5lUtTuW9IRX.crt
      key server_1uN8x5lUtTuW9IRX.key
      tls-auth tls-auth.key 0
      dh dh.pem
      auth SHA256
      cipher AES-128-CBC
      tls-server
      tls-version-min 1.2
      tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
      status openvpn.log
      verb 3
      # Client Config Directory
      client-config-dir /etc/openvpn/ccd
      ```

      Client Config:
      ```
      client
      proto udp
      remote *********************************
      dev tun
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      remote-cert-tls server
      verify-x509-name server_1uN8x5lUtTuW9IRX name
      auth SHA256
      auth-nocache
      cipher AES-128-CBC
      tls-client
      tls-version-min 1.2
      tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
      setenv opt block-outside-dns
      verb 3
      key-direction 1
      ```

      ![Openvpn Lan copy.jpg](/public/_imported_attachments_/1/Openvpn Lan copy.jpg)

        Stewart

        You'll need to create a firewall rule on the OpenVPN tab with that IP range as the source, otherwise it'll be blocked.  If you just make that range the source and the destination Any, it should let everything through.

          shetu

          Hi
          Openvpn tab not my vpn client interface?

          openvpn_tab.jpg

            johnpoz LAYER 8 Global Moderator

            Why would you not just run openvpn server on pfsense?

            Looks like you're trying to use pfsense as a client alongside another client, and then let some client through the common vpn tunnel into devices behind pfsense..

            Also keep in mind the client behind pfsense has its own firewall.. For example out of the box windows would not allow access from your tunnel network.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              shetu

              My ISP did not give me a real IP, so I attached a CentOS OpenVPN client. A real IP is too costly here.

                johnpoz LAYER 8 Global Moderator

                So you're saying you're behind a carrier grade NAT and have no way for inbound traffic to your pfsense box.

                  shetu

                  Yes, and they block SIP packets too.

                    johnpoz LAYER 8 Global Moderator

                    Well let me see… I have a vps running openvpn access server, that pfsense is a client into... Let me see what you have to do to allow another client of this openvpn access server running on vps into the network behind pfsense...

                    Should be a simple route.. Give me a bit..

                      shetu

                      Hi Johnpoz
                      Do you get any solution for me?
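
Added example, not posted by anyone in this thread: in OpenVPN, the "simple route" johnpoz mentions is normally a `route` line in the server config plus an `iroute` line in the pfSense client's file under `client-config-dir`, and this Python check reports which of those are missing for the LAN behind pfSense. `SERVER_CONF` is a constructed excerpt of the server config posted above; the function names and the /24 mask on 192.168.10.0 are assumptions of this example.

```python
import ipaddress

# Constructed sample: the routing-relevant lines of the server config posted above.
SERVER_CONF = '''
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-config-dir /etc/openvpn/ccd
'''

def directives(text):
    """Split OpenVPN config text into word lists, dropping comments and quotes."""
    rows = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].replace('"', " ").split()
        if words:
            rows.append(words)
    return rows

def nets(text, *prefix):
    """Networks written as '<prefix...> <network> <netmask>', e.g. nets(conf, "push", "route")."""
    n = len(prefix)
    return {ipaddress.ip_network(f"{w[n]}/{w[n + 1]}")
            for w in directives(text)
            if tuple(w[:n]) == prefix and len(w) >= n + 2}

def missing_directives(server_conf, ccd_conf, lan):
    """List what is still needed for VPN peers to reach `lan` behind one client.

    ccd_conf is the text of that client's file in client-config-dir.
    """
    lan = ipaddress.ip_network(lan)  # assumed mask; the thread gives only host addresses
    spec = f"{lan.network_address} {lan.netmask}"
    covers = lambda found: any(lan.subnet_of(net) for net in found)
    gaps = []
    if not covers(nets(server_conf, "route")):   # kernel route on the server into the tunnel
        gaps.append(f"server: route {spec}")
    if not covers(nets(ccd_conf, "iroute")):     # tells OpenVPN which client owns the LAN
        gaps.append(f"ccd: iroute {spec}")
    full_tunnel = any(w[:2] == ["push", "redirect-gateway"] for w in directives(server_conf))
    if not full_tunnel and not covers(nets(server_conf, "push", "route")):
        gaps.append(f'server: push "route {spec}"')  # other clients need a route to the LAN
    return gaps

if __name__ == "__main__":
    print(missing_directives(SERVER_CONF, "", "192.168.10.0/24"))
```

The per-client file is named after the common name of the pfSense client's certificate, which the thread does not show. The pass rule on pfSense's OpenVPN tab and the LAN PC's own host firewall, both raised in the replies above, still have to allow the traffic.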
