Netgate Discussion Forum

    Our own OpenVPN server behind pfSense firewall: can ping to all devices but cannot go to websites

      CheeMG
      last edited by CheeMG

      Hi All

      UPDATE: resolved.
      We checked "Bypass firewall rules for traffic on the same interface" in System > Advanced > Firewall & NAT.

      System > Advanced > Firewall & NAT
      Static route filtering: Bypass firewall rules for traffic on the same interface

      We have been using our own OpenVPN (Routed) server behind a GTA firewall for many years. Recently, we replaced the GTA firewall with pfSense and found that our OpenVPN clients can no longer go to websites in our LAN. We can ping to not just the OpenVPN server but also to all machines behind the pfSense firewall. This is made possible by creating a Static Route for 10.58.0.0/24 to use gateway 192.168.5.5 (our OpenVPN server IP) and enabling net.ipv4.ip_forward in /etc/sysctl.conf on our OpenVPN server.
      We can also go to a website on our OpenVPN server.
      But although we can ping other servers in our LAN, we cannot go to websites hosted on them. We can SSH to our OpenVPN server but not the other servers. That is, all the other servers are not accessible but are ping-able. The OpenVPN server itself is fully accessible.

      In pfSense System Logs - Firewall we have this message:
      "Sep 12 23:43:33 LAN Default deny rule IPv4 (1000000103) 192.168.5.203:80 10.58.0.6:49587 "

      192.168.5.203 is a webserver in our LAN
      10.58.0.6 is an OpenVPN client IP address

      We tried adding a Pass Any to Any rule in LAN firewall but it didn't help.

      We googled and searched this forum and found no solution.
      This post has exactly the same problem as us:
      https://forum.netgate.com/topic/87364/openvpn-server-behind-pfsense-ping-is-possible-web-access-not

      Thank you very much
      CMG
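
A triage sketch for the log entry quoted in the post, added here as an example and not part of the original post or of pfSense: it parses entries in that layout and flags default-deny hits that look like a LAN server's reply heading to the statically routed subnet, which is the pattern seen when the request reached the server without passing through the firewall. The 192.168.5.0/24 LAN range, the port heuristic, the function names and the two contrast entries are assumptions.

```python
import ipaddress
import re

# Assumed for this example: LAN is 192.168.5.0/24 (inferred from the post's
# addresses); 10.58.0.0/24 is the subnet behind the static route in the post.
LAN_NET = ipaddress.ip_network("192.168.5.0/24")
ROUTED_NET = ipaddress.ip_network("10.58.0.0/24")

# Layout of the quoted entry:
# time, interface, rule description, (tracker id), src ip:port, dst ip:port
ENTRY_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+(?P<rule>.+?)\s+"
    r"\((?P<tracker>\d+)\)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_entry(line):
    """Parse one log entry; return a dict, or None if the layout differs."""
    m = ENTRY_RE.match(line.strip(' "\n'))
    if m is None:
        return None
    e = m.groupdict()
    e["src"], e["dst"] = ipaddress.ip_address(e["src"]), ipaddress.ip_address(e["dst"])
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    return e

def is_stateless_reply(e):
    """Heuristic: default-deny hit on a LAN server's reply to the routed subnet
    (low source port, high destination port), i.e. a reply with no state."""
    return (e["rule"].lower().startswith("default deny")
            and e["src"] in LAN_NET and e["dst"] in ROUTED_NET
            and e["sport"] < 1024 <= e["dport"])

def flag_replies(lines):
    """Return the parsed entries that match the heuristic."""
    entries = (parse_entry(l) for l in lines)
    return [e for e in entries if e is not None and is_stateless_reply(e)]

SAMPLE = [
    # Entry quoted in the post:
    "Sep 12 23:43:33 LAN Default deny rule IPv4 (1000000103) 192.168.5.203:80 10.58.0.6:49587 ",
    # Constructed entries for contrast:
    "Sep 12 23:44:01 WAN Default deny rule IPv4 (1000000103) 203.0.113.9:51000 198.51.100.2:23",
    "Sep 12 23:44:09 LAN Default deny rule IPv4 (1000000103) 192.168.5.40:50222 10.58.0.6:22",
]

if __name__ == "__main__":
    for e in flag_replies(SAMPLE):
        print(f'{e["time"]} {e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]} reply without state')
```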
