VPN point-to-point problem

federicop

Hi, I have a point-to-point VPN connection and everything works.
That is, I can see the pfsense web interface remotely (of the two VPNs).

just that I have a problem, I have a small nas with a web interface on the "B" lan that I can not reach and I do not understand why!

LAN "A" 192.168.0.0 - PFSENSE 192.168.0.1
LAN "B" 192.168.1.0 - PFSENSE 192.168.1.1 - NAS 192.168.1.2

if from lan "A" I enter 192.168.1.1 I enter pfsense quietly but if I enter 192.168.1.2. I can not see the nas login page

obviously inside the "B" lan typing the ip of the nas it works!

what could it depend on?

netblues

Most probably nas doesn't have a default gateway, or has security that doesn't allow access from remote lans.
Can you actually ping/access other hosts on B from A?

federicop

once I can access other hosts other times no!

the Gtateways defoult was and the OpneVPN rules are ipv4 Protocol * source * port * destination *

netblues

What are the settings of the ipv4 local networks on the server configuration?

federicop

Server:
WAN 192.168.1.2 - WANGW 192.168.1.1
LAN 192.168.0.1
Server OpenVPN
IPv4 Tunnel Network: 192.168.4.0/24
IPv4 Remote network(s) 192.168.2.0/24

Client:
WAN 192.168.1.3 - WANGW 192.168.1.1
LAN 192.168.2.1
Client OpenVPN
IPv4 Tunnel Network: 192.168.4.0/24
IPv4 Remote network(s) 192.168.0.0/24

netblues

Seems ok. Check the nas for security settings. Can you ping it?

federicop

@netblues said in VPN point-to-point problem:

Seems ok. Check the nas for security settings. Can you ping it?

Can you ping it?
Yes

netblues

If you can ping the nas, then pfsense configuration is ok. Probably the nas has some access list functionality.

federicop

the nas is ok. I have the same problem on other hosts that of switch management

chpalmer

This post is deleted!

chpalmer

Can you show your VPN firewall rules on both routers?

federicop

Client:
0_1543007010349_Schermata 2018-11-23 alle 21.58.55.png

0_1543007024369_Schermata 2018-11-23 alle 21.59.11.png

Server
0_1543007037956_Schermata 2018-11-23 alle 21.58.32.png

OpenVPN Client
0_1543007065848_Schermata 2018-11-23 alle 21.59.46.png
0_1543007078317_Schermata 2018-11-23 alle 22.00.23.png
0_1543007103809_Schermata 2018-11-23 alle 22.01.22.png

OpenVPN Server
0_1543007129366_Schermata 2018-11-23 alle 22.02.00.png
0_1543007137104_Schermata 2018-11-23 alle 22.02.26.png
0_1543007152907_Schermata 2018-11-23 alle 22.02.39.png

chpalmer

For your tunnel network you can use a /30 I usually like using something way outside my LANs.. 10.10.1.0/30 here.. but to each their own..

Your LAN on network A is now 192.168.6.0/24 ??

What is CimaVPN?

federicop

LAN A (Server) 192.168.0.0/24
LAN B (Client) 192.168.6.0/24 .

CimaVPN it's the name of my VPN

chpalmer

@federicop said in VPN point-to-point problem:

LAN A (Server) 192.168.0.0/24
LAN B (Client) 192.168.6.0/24 .

CimaVPN it's the name of my VPN

And that VPN relates to this scenario in what way?

Is it directly associated with your OpenVPN connection somehow?

Your screenshot above shows tabs for both on the same router..

federicop

And that VPN relates to this scenario in what way?

0_1543010225480_Schermata 2018-11-23 alle 22.55.44.png

chpalmer

Are both of these routers on the same WAN router right now? Physically located at the same location?

I see. I don't assign my openVPN connections to interfaces in that fashion myself so was trying to make sure.