Netgate Discussion Forum

    OpenVPN on debian Box (issues with new pfsense install)

    • J
      jkay1804

      I recently upgraded my router and decided to go with pfSense. I've used OpenVPN on a Debian box. On my new pfSense router I've added the static route and the NAT settings. I am able to connect to my OpenVPN and can ping my network, however RDP doesn't work. What is blocking stuff from working?

      On my static routes I added a new gateway (gateway was the OpenVPN server LAN address), then added the route for the OpenVPN address the clients get via DHCP.

      Thanks

      • V
        viragomann

        Why aren't you running OpenVPN on pfSense?

        @jkay1804:

        On my static routes I added a new gateway (gateway was the OpenVPN server LAN address), then added the route for the OpenVPN address the clients get via DHCP.

        So pfSense has an IP in the LAN as well as the OpenVPN server? Then you will run into an asymmetric routing issue.
        LAN devices will send packets destined for OpenVPN clients to pfSense, where they are directed to the OpenVPN server, while packets from VPN clients go directly from the server to the LAN device.
        That is no problem for stateless protocols like ICMP (ping), but it is for stateful connections.

        The best solution would be running the server on pfSense.
        Other options are adding a static route for the OpenVPN tunnel network pointing to the VPN server to each LAN device, doing SNAT on the VPN server, or putting the VPN server in a separate transfer network and routing LAN traffic to pfSense and the VPN traffic to the VPN server.

        • J
          jkay1804

          So here is how it's set up:

          LAN 10.10.1.0/24
          OpenVPN 10.28.0.0/24

          pfSense Router 10.10.1.253
          OpenVPN Debian box 10.10.1.249

          I created a gateway of 10.10.1.249
          Created a static route 10.28.0.0 255.255.255.0 10.10.1.249

          Is this not correct?

          • V
            viragomann

            As I mentioned above, with such a setup you will end up with asymmetric routing issues.

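The asymmetric path described in the replies above, as a simplified model (an added example, not part of the original thread or of pfSense itself). It uses the addresses given in the thread; the client 10.28.0.6 and the LAN host 10.10.1.50 are constructed, and the filter assumes pf-style behaviour where a TCP state can only be created by an initial SYN.

```python
from ipaddress import ip_address, ip_network

LAN, TUNNEL = ip_network("10.10.1.0/24"), ip_network("10.28.0.0/24")
PFSENSE, VPN_SERVER = ip_address("10.10.1.253"), ip_address("10.10.1.249")

class StatefulFilter:
    """Simplified pf-style filter: a TCP state is only created by a bare SYN."""
    def __init__(self):
        self.states = set()

    def permit(self, proto, src, dst, flags=""):
        flow = (proto, frozenset((src, dst)))
        if flow in self.states:
            return True               # packet belongs to a tracked connection
        if proto == "tcp" and flags != "S":
            return False              # SYN-ACK or ACK without a state: dropped
        self.states.add(flow)         # ICMP, or TCP SYN, matching a pass rule
        return True

def lan_next_hop(dst, host_has_tunnel_route=False):
    """Next hop a LAN host chooses for a destination address."""
    if dst in LAN:
        return dst                    # on-link, delivered directly
    if dst in TUNNEL and host_has_tunnel_route:
        return VPN_SERVER             # per-host static route to the VPN server
    return PFSENSE                    # everything else: default gateway

def reply_delivered(proto, reply_flags="", fix=None):
    """Does the LAN host's reply to a VPN client survive the return path?

    fix: None, "host_route" (static route on the LAN host) or
         "snat" (VPN server rewrites the client source to its LAN address).
    """
    client, host = ip_address("10.28.0.6"), ip_address("10.10.1.50")  # constructed
    fw = StatefulFilter()             # pfSense state table, empty at start
    # Request path: client -> VPN server -> host. Both sit in 10.10.1.0/24,
    # so the request is delivered on-link and pfSense never sees it.
    seen_src = VPN_SERVER if fix == "snat" else client
    hop = lan_next_hop(seen_src, host_has_tunnel_route=(fix == "host_route"))
    if hop == PFSENSE:                # reply is the first packet pfSense sees
        return fw.permit(proto, host, seen_src, reply_flags)
    return True                       # reply bypasses pfSense entirely

if __name__ == "__main__":
    print("ping reply:", reply_delivered("icmp"))
    print("RDP SYN-ACK:", reply_delivered("tcp", "SA"))
    print("RDP with SNAT:", reply_delivered("tcp", "SA", fix="snat"))
    print("RDP with host route:", reply_delivered("tcp", "SA", fix="host_route"))
```
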
            • J
              jkay1804

              So I set up OpenVPN on the pfSense box. It works and I can RDP into my desktop, however I am unable to ping my switch or SSH into it. I've added a custom option to push "route 10.10.1.0 255.255.255.0" but still no luck.

              What am I missing here?

              Thank you

              • V
                viragomann

                Are the network settings correct on the switch? Is the internal pfSense IP the gateway on it?

                Another reason could be that it blocks access to the management interface from addresses outside of its own network segment. If this is the case, you can get it working with an SNAT rule on pfSense.
