How to access local networks while connected OpenVPN

sse450

At office, we have several LANs 10.10.1.0/24, 10.10.10.0/24, 10.10.20.0/24 all managed by pfSense. At home, I have also pfSense with OpenVPN server.

From the office PC, I can connect to home OpenVPN server and access to home LAN. But as soon as I connect to home OpenVPN server, I lose access to local LANs at office. I know that this is by design.

I would like to keep access to office LANs while connecting to home OpenVPN server. Obviously, this is a routing problem. I can setup some static routes on my office PC (Ubuntu) to do what I want.

My question is that: How can I achieve this using office pfSense without any static routes on my office PC?

I would appreciate any help. TIA.

heper

this is not "by design"

you might have a routing problem
OR
your vpn-server has this set:

Redirect IPv4 GatewayForce all client-generated IPv4 traffic through the tunnel.

sse450

If it is not by design" then obviously I am doing something wrong. Thanks for hinting that.

"Force all client-generated IPv4 traffic through the tunnel." of home pfSense OpenVPN server is not checked.

Please find below pfSense configurations on both end:

Home:

Office:

My Office PC IP is 10.10.30.30. Introducing something like ip route add 10.10.1.0/24 via 10.10.30.1 in my office PC fixes the problem. There must be an easy way of doing it in pfSense.

Thank you for your help.

heper

you are not showing your openvpn configuration pages .... makes it difficult to make a guess

also: you could/should/might consider, removing some of the useless firewall rules (hint: rules that never get state-counter higher the zero should be looked into)

marvosa

You have to add the networks you want access to in the IPv4 Local network(s) section of the config. This will push the appropriate routes to your clients.

sse450

@marvosa said in How to access local networks while connected OpenVPN:

You have to add the networks you want access to in the IPv4 Local network(s) section of the config.

But, the problem is that I cannot access the Local Networks on the client side (Office), not on OpenVPN server side (Home). Do you really mean that I need to enter all local networks of client side networks (office) on the OpenVPN server (Home)?

Thank you.

marvosa

Sorry, I misread your OP. I thought you were connecting to your office from home, but it's the other way around.

There are two possible scenarios for what you're experiencing:

1. You configured a full tunnel deployment at home and all traffic is being routed over the tunnel upon connection.
2. There are some overlapping subnets between your office and home LAN, so once you connect, traffic that would normally be routed locally via the default route is now being routed down the VPN.

If you post your server1.conf (located here -> /var/etc/openvpn), it'd be easy to verify. However, the quick check would be to go to your config and see if you have the "Redirect IPv4 Gateway" option checked. If so, unchecking it would move you to a split tunnel deployment and will now only route traffic down the tunnel that is destined for your Home LAN subnet, which should solve your issue.

If you unchecked the option or it was never checked and still have issues, then you most likely have a subnet conflict and you will have to move your home LAN to a new subnet and then reconfigured your OpenVPN server accordingly.