Netgate Discussion Forum

    OpenVPN Connecting, but can't access LAN IP's

    • codemonkey76

      OK, I am sure I have done something wrong in the setup, but for the life of me I can't work it out.

      I have the tunnel settings shown in the pictures.

      When I connect with OpenVPN, my routing table looks like this:

      Active Routes:
      Network Destination        Netmask          Gateway      Interface  Metric
                0.0.0.0          0.0.0.0        10.0.0.1      10.0.0.113    55
              10.0.0.0    255.255.255.0        On-link        10.0.0.113    311
            10.0.0.113  255.255.255.255        On-link        10.0.0.113    311
            10.0.0.255  255.255.255.255        On-link        10.0.0.113    311
              10.10.0.0    255.255.255.0        10.11.0.1        10.11.0.2    291
              10.11.0.0    255.255.255.0        On-link        10.11.0.2    291
              10.11.0.2  255.255.255.255        On-link        10.11.0.2    291
            10.11.0.255  255.255.255.255        On-link        10.11.0.2    291
              10.16.0.0    255.255.255.0        10.11.0.1        10.11.0.2    291
              10.17.0.0    255.255.255.0        10.11.0.1        10.11.0.2    291
              127.0.0.0        255.0.0.0        On-link        127.0.0.1    331
              127.0.0.1  255.255.255.255        On-link        127.0.0.1    331
        127.255.255.255  255.255.255.255        On-link        127.0.0.1    331
              224.0.0.0        240.0.0.0        On-link        127.0.0.1    331
              224.0.0.0        240.0.0.0        On-link        10.0.0.113    311
              224.0.0.0        240.0.0.0        On-link        10.11.0.2    291
        255.255.255.255  255.255.255.255        On-link        127.0.0.1    331
        255.255.255.255  255.255.255.255        On-link        10.0.0.113    311
        255.255.255.255  255.255.255.255        On-link        10.11.0.2    291

      So it looks like the entries for 10.10.0.0/24, 10.16.0.0/24, 10.17.0.0/24 are correctly added to my routing table. But I still can't access machines on those addresses.

      I have an allow all rule on my OpenVPN interface.

      Not sure what to check next.
      Capture.PNG
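The routing table in the post above can be checked mechanically. This added example (not part of the original thread) parses rows copied from that table and applies longest-prefix-match route selection; the host addresses are constructed, and the tunnel interface 10.11.0.2 is taken from the table.

```python
import ipaddress

# Rows copied from the routing table in the post above:
# destination, netmask, gateway, interface, metric.
ROUTE_PRINT = """
0.0.0.0      0.0.0.0          10.0.0.1   10.0.0.113  55
10.0.0.0     255.255.255.0    On-link    10.0.0.113  311
10.10.0.0    255.255.255.0    10.11.0.1  10.11.0.2   291
10.11.0.0    255.255.255.0    On-link    10.11.0.2   291
10.16.0.0    255.255.255.0    10.11.0.1  10.11.0.2   291
10.17.0.0    255.255.255.0    10.11.0.1  10.11.0.2   291
"""

def parse_routes(text):
    """Parse IPv4 rows of `route print` output into route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers and blank lines
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def select_route(routes, target):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def via_tunnel(routes, target, tunnel_iface="10.11.0.2"):
    """True when traffic to target leaves through the VPN interface."""
    route = select_route(routes, target)
    return route is not None and route[2] == tunnel_iface

ROUTES = parse_routes(ROUTE_PRINT)

if __name__ == "__main__":
    # Host addresses below are constructed; only the subnets are from the post.
    for host in ("10.10.0.5", "10.16.0.20", "10.17.0.9", "10.0.0.50", "8.8.8.8"):
        net, gw, iface, _ = select_route(ROUTES, host)
        print(f"{host:<12} {str(net):<14} gw={gw:<10} if={iface} tunnel={via_tunnel(ROUTES, host)}")
```

When the remote subnets resolve to the tunnel interface like this, the client's routing table is not the fault, which leaves the far-side checks raised in the replies that follow.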
      • viragomann

        Is the pfSense which is running the OpenVPN server the default gateway in the remote networks?

        Check if you are able to ping the internal interfaces of pfSense.

        • divsys

          Another common issue on Windoze networked machines is that they might not recognize ping/other traffic originating on the VPN tunnel networks.
          You can try temporarily turning off the firewall on one of the LAN devices to see if it makes a difference.

          Agree with viragomann, step 1 is to try to ping the pfSense VPN tunnel, then the pfSense LAN interface, then move on to the LAN.

          -jfp

          • jea

            @codemonkey76
            By any chance are you running pfS 2.4.3?
            I ran into this same problem when upgrading from 2.4.2.
            No change in Configuration(s). Same firewall rules.
            Can connect and ping port addresses of pfSense box, but not beyond.
            Worked perfectly with 2.4.2 (and 32 bit versions).

            Same OpenVPN version (2.4.4), same SSL library version (1.0.2m) on both 2.4.2 and 2.4.3.

            I'd like to understand what has broken.
