[SOLVED] Can't access same subnet, if connected by VPN (internal IP's, SMB etc.)
-
Hey together,
i just used the VPN wizzard, to configure a VPN Connection for my laptop, to connect to my home-network on business / holiday-travels.I can connect without problems to the PFSense VPN Network, i can access the PFSense Web-Interface, but i can't connect to any other devices in the same subnet.
All my different devices in my network have an 192.168.1.X adress (FreeNAS, Windows RDP, Managed Switch etc.). My PFSense has the usual 192.168.1.1.
My laptop get's the address 192.168.1.2, i can access 192.168.1.1, but can't access for example 192.168.1.5 (let's say, my FreeNAS).In the VPN is activated (i think those are the important options):
- IPv4 Tunnel Network: 192.168.1.0/24
- Force all client-generated IPv4 traffic through the tunnel is activated
- Allow communication between clients connected to this server is activated
- Provide a default domain name to clients (192.168.1.1 = PFSense Firewall)
- Provide a DNS server list to clients. Addresses may be IPv4 or IPv6. (first 192.168.1.1, second 8.8.8.8)
Any ideas i need to change, for get access to the rest of the subnet? I even can't access my SMB-shares.
Brgds
-
Did you add an allow rule on the OpenVPN interface? It's an interface like any other, and only the default LAN gets a rule added automatically. All other interfaces need one manually added.
-
@KOM
Thanks for your fast help.That rules was added by the wizzard automatically. Any more rules necessary?
-
Okay, now i have access to all the configuration interfaces.
It was my fault, in the wizard i set Tunnel Network and Local Network to 192.168.1.0, but they must be different (Tunnel Network for example 10.0.0.0 and Local Network MUST be your usual network 192.168.1.0. -
Just some hints to tie things down a little.. You can easily make your tunnel network a /30 or (/29 if more than one remote address is needed) for just one laptop doing a roadwarrior setup such as that.
Then on your OpenVPN firewall rule make "source" the same as your tunnel. 10.0.0.0/30 /29 ect..
Make destination your local LAN if you only have one local subnet to worry about.It is most likely absolutely safe to leave it as is but if your inclined to worry or just want to tinker more.. this is an option for you.
Good luck!