Our own Openvpn server behind Pfsense firewall: can ping to all devices but cannot go websites
Hi All
UPDATE: resolved.
We checked "Bypass firewall rules for traffic on the same interface" in System > Advanced > Firewall & NAT.
We have been using our own OpenVPN (routed) server behind a GTA firewall for many years. Recently, we replaced the GTA firewall with pfSense and found that our OpenVPN clients can no longer go to websites in our LAN. We can ping not just the OpenVPN server but also all machines behind the pfSense firewall. This is made possible by creating a static route for 10.58.0.0/24 to use gateway 192.168.5.5 (our OpenVPN server IP) and enabling net.ipv4.ip_forward in /etc/sysctl.conf on our OpenVPN server.
We can also go to a website on our Openvpn server.
But although we can ping other servers in our LAN, we cannot go to websites hosted on them. We can SSH to our OpenVPN server but not to the other servers. That is, all the other servers are not accessible but are ping-able. The OpenVPN server itself is fully accessible.
In pfSense System Logs > Firewall we have this message:
"Sep 12 23:43:33 LAN Default deny rule IPv4 (1000000103) 192.168.5.203:80 10.58.0.6:49587"
192.168.5.203 is a webserver in our LAN.
10.58.0.6 is an OpenVPN client IP address.
We tried adding a Pass Any to Any rule in the LAN firewall but it didn't help.
We googled and searched this forum and found no solution.
This post has exactly the same problem as us:
https://forum.netgate.com/topic/87364/openvpn-server-behind-pfsense-ping-is-possible-web-access-not
Thank you very much
CMG
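The mechanism behind the post above, as an added example that is not part of the original thread or of pfSense: a simplified Python model of a stateful "LAN to any" pass rule. The addresses are the ones quoted in the post; the rule semantics (TCP state only created on a bare SYN, ICMP matched freely, the same-interface bypass skipping the rule set) are a simplified model of pf and are assumptions here, not pfSense code.

```python
"""Toy model of why asymmetric routing breaks TCP but not ping behind a stateful LAN rule set."""
import ipaddress

# Addresses taken from the forum post.
VPN_SERVER = "192.168.5.5"      # OpenVPN server on the LAN, next hop of the static route
WEBSERVER = "192.168.5.203"     # LAN web server named in the firewall log line
VPN_CLIENT = "10.58.0.6"        # OpenVPN client named in the firewall log line
LAN_NET = ipaddress.ip_network("192.168.5.0/24")
STATIC_ROUTES = {ipaddress.ip_network("10.58.0.0/24"): VPN_SERVER}  # the post's static route

def leaves_via_lan(dst):
    """True when pfSense would route dst back out the LAN interface (LAN host or LAN next hop)."""
    ip = ipaddress.ip_address(dst)
    return ip in LAN_NET or any(ip in net and ipaddress.ip_address(gw) in LAN_NET
                                for net, gw in STATIC_ROUTES.items())

def lan_filter(pkt, state, bypass_same_iface):
    """Decide one packet entering the LAN interface. pkt = (src, dst, proto, tcp_flags)."""
    src, dst, proto, flags = pkt
    if bypass_same_iface and leaves_via_lan(dst):
        return "pass"                            # same-interface traffic skips the rule set (assumed model)
    if (src, dst, proto) in state or (dst, src, proto) in state:
        return "pass"                            # matches an existing state entry
    # "LAN to any" pass rule with keep state: TCP creates state only on a bare SYN (flags S/SA).
    if proto == "icmp" or (proto == "tcp" and flags == "S"):
        state.add((src, dst, proto))
        return "pass"
    return "block"                               # falls through to "Default deny rule IPv4"

def simulate(bypass_same_iface):
    """Client -> webserver packets never cross pfSense (the OpenVPN server forwards them on the LAN);
    only the webserver's replies, sent to its default gateway pfSense, enter the LAN interface."""
    state = set()
    icmp_reply = (WEBSERVER, VPN_CLIENT, "icmp", "")
    syn_ack = (WEBSERVER, VPN_CLIENT, "tcp", "SA")   # reply to a SYN that pfSense never saw
    return {"ping": lan_filter(icmp_reply, state, bypass_same_iface),
            "http": lan_filter(syn_ack, state, bypass_same_iface)}

if __name__ == "__main__":
    for bypass in (False, True):
        print(f"bypass same-interface rules={bypass}: {simulate(bypass)}")
```

With the bypass off the model reproduces the post's symptom (ping passes, the HTTP reply is blocked); with it on both pass.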