Just setup pfSense at home, and I can't connect to my "works" OpenVPN.



  • As the title says, I've just finished a vanilla install of pfSense at home. I've yet to make any changes. So, firewall rules are all defaults. Before the new router (with pfSense), I was just using an ISP supplied one. I was able to successfully connect and access resources on my corporate network via OpenVPN.

    Now, I can connect to the corporate network via OpenVPN, get issued an IP, access the internet, but not any intranet resources. My home network is set up on 10.0.10.x, and when I connect to OpenVPN at work the IP I get is in the 192.168.250.x range. So, I don't think there are any conflicts on that front.

    I shouldn't need any inbound rules for this, correct?

    Here are my current LAN rules (unmodified):

    [screenshot: LAN rules]

    And my WAN rules (unmodified):

    [screenshot: WAN rules]

    Thanks in advance!


  • LAYER 8

    You should have the "OpenVPN" tab; you need rules there, and you need to specify the remote/local address in the OpenVPN settings, AFAIR.
    [screenshot]



  • @kiokoman - so I'm not running OpenVPN on my instance of pfSense. This is accessing OpenVPN on someone else's network. I figured the "LAN to any" rule would cover that, since there shouldn't be anything inbound?

    The screenshot you're referring to is for setting up OpenVPN on "your" network, right?


  • LAYER 8

    Ah yeah, if you have an OpenVPN client inside your LAN, the "LAN to any" rule should cover it; it's not a firewall problem then. Routing / NAT / other-side problem, idk; we need more information.



  • @jaredmeakin said in Just setup pfSense at home, and I can't connect to my "works" OpenVPN.:

    I shouldn't need any inbound rules for this, correct?

    Nope.
    There is nothing to do on your == home side.
    It's just a connection to the IP address of "company", port 'something', using protocol 'something-else'.

    Your outbound rules on LAN are ok, they cover all possible outgoing traffic.
    WAN rules are not important here. These handle incoming traffic.

    @jaredmeakin said in Just setup pfSense at home, and I can't connect to my "works" OpenVPN.:

    Now, I can connect to the corporate network via OpenVPN, get issued an IP, access the internet, but not any intranet resources

    So, you connected, and can use the company's resources to access the Internet.
    The OpenVPN server ( = running on the company's resources) setup should be changed if you want to use 'local company resources', like accessing LAN devices, etc.



  • So, did some more digging and it looks to be a DNS issue.

    I'm using DNS Resolver with the out-of-the-box configuration, and on System > General Setup I have two DNS servers listed (8.8.8.8 & 8.8.4.4).

    We have some applications hosted on AWS that are only accessible from internal IP addresses (thus the VPN). When I run dig against one of those URLs, the server response is the IP of the pfSense router. It doesn't seem to be passing the query on to the other DNS servers I have entered in General Setup.

    I've found that if I manually enter DNS servers in Services > DHCP Server, DNS works correctly over VPN.

    Anyone run into this before?



  • @jaredmeakin said in Just setup pfSense at home, and I can't connect to my "works" OpenVPN.:

    I'm using DNS Resolver with out of the box configuration, and on System > General Setup I have two DNS servers listed (8.8.8.8 & 8.8.4.4).

    When a device on your LAN, behind the home pfSense router, connects to the company's VPN server, that device will use the DNS that the VPN server has instructed the VPN client to use.
    Also: look up DNS-related info, if any exists, in the VPN client config setup.

    It's rather logical to use the pfSense's resolver, because that DNS source is aware of all the local devices at work.

    When I call in to work from home (both sides have a pfSense as router/firewall), I've set up the VPN server (the work pfSense is my VPN server) to instruct the clients (= my PC at home) to use the pfSense's DNS server == the Resolver.

    Btw: I have no business with "8.8.8.8" or "8.8.4.4", nor "AWS".
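The DNS discussion above comes down to one question: for a given intranet name, which server is supposed to answer, the VPN server's pushed DNS or the home pfSense resolver? The following Python script is an added example, not code from the thread, pfSense or OpenVPN. It parses the `PUSH_REPLY` line an OpenVPN 2.x client logs on connect for `dhcp-option DNS` / `DOMAIN` entries, decides which resolver should handle a name, and triages a `dig` answer the way the poster did (an intranet name answering with the pfSense address means the home resolver, not the VPN DNS, handled it). The log line, the home resolver address 10.0.10.1 and the pushed values are constructed assumptions.

```python
"""Decide which DNS server should answer a name for an OpenVPN client that
sits behind a home pfSense box (added example; not from the thread or pfSense).

Assumptions (labelled): the pfSense DNS Resolver listens on 10.0.10.1, the
OpenVPN server pushes its DNS server and search domain in PUSH_REPLY, and the
log line follows the format an OpenVPN 2.x client writes when it connects.
"""
import re
from ipaddress import ip_address

# Constructed sample of the client-side log line (not a real capture).
SAMPLE_LOG = (
    "2024-01-01 10:00:00 PUSH: Received control message: 'PUSH_REPLY,"
    "dhcp-option DNS 192.168.250.1,dhcp-option DOMAIN corp.example,"
    "route 10.20.0.0 255.255.0.0,ifconfig 192.168.250.6 255.255.255.0'"
)

HOME_RESOLVER = "10.0.10.1"  # assumed pfSense LAN address running the Resolver


def parse_push_reply(log_text):
    """Return the DNS servers and search domains the VPN server pushed."""
    pushed = {"dns": [], "domains": []}
    m = re.search(r"PUSH_REPLY,([^']*)'", log_text)
    if not m:
        return pushed  # no PUSH_REPLY seen: the client keeps its local DNS
    for option in m.group(1).split(","):
        parts = option.split()
        if len(parts) != 3 or parts[0] != "dhcp-option":
            continue  # route / ifconfig / other options are not DNS related
        if parts[1] == "DNS":
            ip_address(parts[2])  # raises ValueError on a malformed address
            pushed["dns"].append(parts[2])
        elif parts[1] in ("DOMAIN", "DOMAIN-SEARCH"):
            pushed["domains"].append(parts[2].lower().rstrip("."))
    return pushed


def in_pushed_domain(hostname, domains):
    """True if hostname is inside one of the VPN's search domains."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def expected_resolver(hostname, pushed, home_resolver=HOME_RESOLVER):
    """VPN DNS for names in a pushed domain, the home resolver for everything else."""
    if pushed["dns"] and in_pushed_domain(hostname, pushed["domains"]):
        return pushed["dns"][0]
    return home_resolver


def classify_answer(hostname, answer_ip, pushed, home_resolver=HOME_RESOLVER):
    """Heuristic triage of a dig answer for a VPN-only name.

    The symptom in the thread was an intranet name resolving to the pfSense
    address itself: the home resolver, not the VPN DNS, answered the query.
    """
    if not in_pushed_domain(hostname, pushed["domains"]):
        return "not-a-vpn-name"
    if not pushed["dns"]:
        return "no-dns-pushed-by-vpn"  # client never told to use VPN DNS
    if answer_ip == home_resolver:
        return "answered-by-home-resolver"
    if not ip_address(answer_ip).is_private:
        return "public-address-answer"  # internal-only app should be RFC 1918
    return "ok"


if __name__ == "__main__":
    pushed = parse_push_reply(SAMPLE_LOG)
    print("pushed by VPN:", pushed)
    checks = [
        ("app.corp.example", "10.0.10.1"),   # the thread's symptom
        ("app.corp.example", "10.20.5.9"),   # healthy split-DNS answer
        ("example.org", "93.184.216.34"),    # not a VPN name at all
    ]
    for name, answer in checks:
        print(name, "->", expected_resolver(name, pushed),
              classify_answer(name, answer, pushed))
```

Run it against your own client log by replacing `SAMPLE_LOG` with the `PUSH_REPLY` line from the OpenVPN client output; if `parse_push_reply` returns an empty `dns` list, the VPN server pushes no DNS and the client will keep asking the home resolver, which is exactly the case where an intranet-only name cannot resolve.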

