How to get the remote vpn client to "see" the lan network behind the pfsense router?
-
All of the IPv4 traffic was/is being forced thru the tunnel:
https://i.gyazo.com/2d3e8b70252a79664e1cb094497baa65.png
-
No it's not.. Not per the route table you listed...
You can see from your freaking tracert that trying to 10.3.0.1 hit your 192.168.1.1 IP.. That might be what you have it set for... But that is not what is happening..
-
I included a screenshot of the setting Redirect IPv4 Gateway being checked and it says next to the checkbox, Force all client-generated IPv4 traffic through the tunnel. Can you see my screenshots? If not, is there a way for me to have my screenshots show up?
-
I see your screenshot - and again... You might have set that, but that is NOT what is happening... Look at your clients route table
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.253 50
That there says hey no other routes for whatever IP trying to go to - go to 192.168.1.1..
Do you have anything in your options box on your server setting... You sure you're actually connecting to that instance and not another one... I run multiple instances 443 tcp, and 1194 udp for example.
What is in your local config.. But your own routes and your trace route show you hitting 192.168.1.1 trying to get to 10.3.0.1
If you were going down the tunnel to get to 10.3, then your first hop would be the 10.33 address in your trace.
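The route-table reading described in the post above, as an added example that is not part of the original thread: a Python sketch that picks the next hop for a destination from `route print`-style rows by longest prefix match, then lowest metric. Only the default-route row comes from the thread; the other rows and the 10.33.0.x addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample: IPv4 rows in the column order of Windows `route print`
# (Network Destination, Netmask, Gateway, Interface, Metric).
# Only the default-route row is taken from the thread; the rest is constructed.
ROUTES_NO_TUNNEL = """\
0.0.0.0        0.0.0.0          192.168.1.1    192.168.1.253   50
192.168.1.0    255.255.255.0    On-link        192.168.1.253   306
"""

# Same table plus a constructed route to the remote LAN via a tunnel gateway.
# 10.33.0.1 and 10.33.0.6 are made-up addresses; the thread only says "10.33".
ROUTES_WITH_TUNNEL = ROUTES_NO_TUNNEL + """\
10.3.0.0       255.255.255.0    10.33.0.1      10.33.0.6       35
"""


def parse_routes(text):
    """Parse route rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, blank lines and wrapped rows
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a usable IPv4 route row
    return routes


def next_hop(routes, destination):
    """Return (gateway, interface) used for destination, or None if no route matches.

    Selection order: longest matching prefix first, then lowest metric.
    """
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface, _ = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return gateway, iface


if __name__ == "__main__":
    for name, table in (("no tunnel route", ROUTES_NO_TUNNEL),
                        ("with tunnel route", ROUTES_WITH_TUNNEL)):
        print(name, "->", next_hop(parse_routes(table), "10.3.0.1"))
```

Paste the IPv4 rows from the client's own `route print` output in place of the sample tables to see which gateway a given destination would use.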
-
Which options box are you referring to? If it's Custom options, then that is empty.
https://i.gyazo.com/36d58311d84723b4b998b90743b1a433.png
How can I check that I have the right instance? I believe I only have one.
Where is the local config?
Maybe in cases like this it is better to start over with the OpenVPN? Is there a way to wipe all these OpenVPN settings away completely?
Update:
I have attempted to remove all traces (one trace that does remain and I can't seem to remove it is the User certificate from the original OpenVPN setup) of my initial OpenVPN setup and start anew. I have followed the link as suggested in your earlier post to set up OpenVPN. When trying to do the Client Export utility, no client executables appear in the OpenVPN Clients section of the Client Export Utility page. There is this note next to it:
"If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, the client certificate does not exist on this firewall, or a user certificate is not associated with a user when local database authentication is enabled."
Update2:
I managed to remove the original user cert after I removed it from someplace else, the delete/trash can symbol appeared.
The Client Export executables were not showing up b/c I had not created a new user cert.
Now I can ping the pingable devices behind the pfsense firewall. I can also create a mapped network drive to those devices. However, I need to use their private IP addr. instead of their Windows name. Is it possible to use the computer names for creating network drives? And is it possible to make network drives to these devices with their firewalls enabled? Also, is it possible to restrict connections to the vpn by MAC addresses that I specify? If so, how?