Netgate Discussion Forum

    [SOLVED] Problem with Proxmox, pfSense, OpenVPN

      ssbostan

      Hello guys,
      I have a confusing problem with Proxmox, pfSense, and OpenVPN.
      First I'll write out my network structure...

      I have a Proxmox server with this configuration:

      Nic1: bridged for LAN access
      vmbr0:
      IP: 192.168.1.10/24
      Gateway: 192.168.1.1

      Nic2: bridge for Multi-WAN
      vmbr1: NO IP

      In my Proxmox server I have a pfSense with this configuration:

      em0 network card from vmbr1 for WAN:
      IP: PUBLIC INTERNET
      Gateway: PUBLIC INTERNET

      em1 network card from vmbr0 for LAN:
      IP: 192.168.1.15/24
      Gateway: NONE

      Everything is OK:
      pfSense has access to Internet
      pfSense has access to LAN
      pfSense can see 192.168.1.10 and 192.168.1.1

      but when I'm using OpenVPN and connecting to server:
      I can see 192.168.1.15
      I can see 192.168.1.10
      but I can't see IPs behind the Proxmox server.
      I can't see 192.168.1.1

      After I set the gateway for em1 (LAN) to 192.168.1.10:
      em1 from vmbr0 for LAN:
      IP: 192.168.1.15/24
      Gateway: 192.168.1.10

      The OpenVPN client can see 192.168.1.1 for a while, but after a few minutes the WAN gateway goes down and Internet connectivity is lost.

      What do you think about this issue?

      Thanks.

        viragomann

        I guess pfSense is not the default gateway on the machines you're not able to access. So responses to VPN packets are not sent back to pfSense.
        Configure your devices to use pfSense as default gateway.

        There should not be a gateway defined on the LAN interface.

          ssbostan

          I'm testing another scenario and it's working, but it's not the solution I need.
          I'm running 2 pfSense on Proxmox:

          Proxmox:
          same as above.

          pfSense 1:
          same as above + this configuration:
          Not running OpenVPN server.
          Just forwarding the OpenVPN port to pfSense 2 with IP 192.168.1.16

          pfSense 2:
          Just one NIC from vmbr0
          IP: 192.168.1.11/24
          Gateway: 192.168.1.10
          Running OpenVPN.

          In this configuration, clients can connect to the pfSense 2 VPN through pfSense 1's Internet connection with a port forward and can access 192.168.1.1 without any configuration on 192.168.1.1 and other IPs behind the Proxmox server.

          But I want to solve the issue and not use this trick.

          Thanks.

            viragomann

            Again, your pfSense 1 has to be the default gateway on all the devices you want to access.

            There may be some alternative solutions, but none of them is perfect:

            • Add a static route for the VPN tunnel network to each device you want to access pointing to pfSense 1 LAN IP.
            • Add an Outbound NAT rule to the LAN interface to translate the VPN packets to the LAN IP.
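The return-path problem discussed in the replies above can be modelled in a few lines. This is an added example, not part of the original posts: it checks where a LAN device sends its reply to a VPN client under each proposed fix. The tunnel network 10.8.0.0/24 and client address 10.8.0.2 are assumptions (the thread never states them), as is the idea that the unreachable devices use 192.168.1.1 as their default gateway.

```python
import ipaddress

# Assumed values: the thread never states the OpenVPN tunnel network.
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")    # hypothetical tunnel subnet
VPN_CLIENT = ipaddress.ip_address("10.8.0.2")       # hypothetical client address
# Values taken from the thread.
PFSENSE_LAN = ipaddress.ip_address("192.168.1.15")  # pfSense em1
LAN_ROUTER = ipaddress.ip_address("192.168.1.1")    # existing LAN gateway
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None = on-link."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_reaches_pfsense(host_routes, outbound_nat=False):
    """True if a LAN host's reply to a VPN client is handed back to pfSense.

    With outbound NAT on the pfSense LAN interface the host sees the request
    arriving from the pfSense LAN IP, so the reply is addressed to that IP.
    """
    reply_dst = PFSENSE_LAN if outbound_nat else VPN_CLIENT
    return next_hop(host_routes, reply_dst) == PFSENSE_LAN


# Failing case: the device's default gateway is the LAN router (assumed).
host_default_router = [(LAN_NET, None), (DEFAULT, LAN_ROUTER)]
# Fix 1: pfSense is the device's default gateway.
host_default_pfsense = [(LAN_NET, None), (DEFAULT, PFSENSE_LAN)]
# Fix 2: same default gateway, plus a static route for the tunnel network.
host_static_route = host_default_router + [(TUNNEL_NET, PFSENSE_LAN)]

if __name__ == "__main__":
    print("default gw = LAN router :", reply_reaches_pfsense(host_default_router))
    print("default gw = pfSense    :", reply_reaches_pfsense(host_default_pfsense))
    print("static route to tunnel  :", reply_reaches_pfsense(host_static_route))
    print("outbound NAT on LAN     :", reply_reaches_pfsense(host_default_router, outbound_nat=True))
```

With the Outbound NAT option, LAN devices only ever see the pfSense LAN IP as the source, so their logs and any source-based access rules can no longer distinguish individual VPN clients.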
              ssbostan

              Thanks, all solutions work well for me.
