Netgate Discussion Forum

    [SOLVED] RDP to PC that is connected to external VPN...

      simon_lefisch

      Hey everyone,

      Not sure where to put this question as it could possibly be a Firewall, Routing, or OpenVPN config issue, so I thought General would be best to start.

      Here's the scenario... I have a PC that connects to an outside OpenVPN server which I can RDP to when I'm on my LAN. I have also created an OpenVPN server in pfSense so I can connect to my LAN from the internet. The issue I am having is that if I connect to my pfSense OpenVPN server, I cannot connect to my PC that is connected to the external OpenVPN server. Before I made the switch to pfSense I was able to do this on a Netgear R7800 router that was flashed with DD-WRT firmware, so I'm not sure what has changed that is now preventing me from connecting to that specific PC. Any insight would be helpful so that I can have a better understanding of how things can/should be configured. I have attached screenshots of the rules/setup for my pfSense. Thanks for your help.

      lan_rules.jpg

      openvpn_rule.jpg

        viragomann

        I guess your PC's firewall may block that access and your former router did masquerading on packets going out to the LAN.

        To enable masquerading on pfSense go to Firewall > NAT > Outbound. Select the hybrid mode and save it.
        Now add a new rule with these settings:
        Interface: LAN
        source: <OpenVPN server tunnel network>
        translation: interface address

          simon_lefisch @viragomann

          @viragomann OMG you were right, thank you!! That did it! I've been trying to figure that out for some time. Thank you for this.

            Gertjan

            I guess a second solution exists: inform the PC/server you want to 'RDP' to that it should accept connections from 'LAN' = the local network, and other networks, which can only be you, connecting to your VPN server interface.
            Or: add the IP network to the list of IPs to be accepted, if that's a possibility. This would be the best choice.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              simon_lefisch @Gertjan

              @Gertjan I'm confused by this answer. You're saying to add the network or IP of my VPN server on the PC itself? If so, where on the PC would I add it? One of them is a Windows 10 VM and the other is a Debian 10 VM (running xrdp). Would it be in the firewall?

              And now that I think of it, @viragomann, the one PC that connects to an external VPN server (Debian 10 VM) does not have a firewall installed/running so that wouldn't have been the issue. Regardless, your solution works.

                viragomann @simon_lefisch

                @simon_lefisch said in [SOLVED] RDP to PC that is connected to external VPN...:

                the one PC that connects to an external VPN server (Debian 10 VM) does not have a firewall installed/running so that wouldn't have been the issue.

                Another possible reason that it can be solved by the NAT method could be that the VPN server (pfSense) is not the default gateway on the destination host.

                Yes, opening up the firewall on the host is the preferred solution, but as I understood it, the VPN connection is only for your own purposes. In this case, the NAT is a proper workaround.
                The drawback of this is that each connection from the VPN seems to come from pfSense on the destination device. So you're not able to identify the real source.
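The routing explanation and the NAT drawback described in this post, modelled as an added example (not code from the thread or from pfSense). All addresses, the host routing table, and the static-route alternative at the end are constructed assumptions; the thread gives none of them.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
TUNNEL_NET = ipaddress.ip_network("10.0.8.0/24")   # pfSense OpenVPN tunnel network
PFSENSE_LAN = ipaddress.ip_address("192.168.1.1")  # pfSense LAN interface address
VPN_CLIENT = ipaddress.ip_address("10.0.8.2")      # remote user on the pfSense VPN

# Routing table of the destination PC while its own external VPN is up.
# The two /1 routes model a VPN client that redirects all traffic into its
# tunnel, so pfSense is no longer the effective default gateway.
HOST_ROUTES = [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "eth0 via 192.168.1.1"),
    ("192.168.1.0/24", "eth0 on-link"),
]


def egress(routes, dst):
    """Pick the egress of the most specific route (longest-prefix match)."""
    nets = [(ipaddress.ip_network(n), dev) for n, dev in routes]
    matches = [(net, dev) for net, dev in nets if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outbound_nat(src, rule_source, translation):
    """Outbound NAT rule on LAN: rewrite sources inside rule_source."""
    return translation if src in rule_source else src


def rdp_reply_path(client, routes, nat):
    """Return (source the PC sees and logs, where the PC sends its reply)."""
    seen = outbound_nat(client, TUNNEL_NET, PFSENSE_LAN) if nat else client
    return str(seen), egress(routes, seen)


# Hypothetical alternative that keeps the real source visible: a static
# route on the PC for the tunnel network, pointing back at pfSense.
WITH_STATIC_ROUTE = HOST_ROUTES + [("10.0.8.0/24", "eth0 via 192.168.1.1")]

if __name__ == "__main__":
    print("no NAT:      ", rdp_reply_path(VPN_CLIENT, HOST_ROUTES, nat=False))
    print("outbound NAT:", rdp_reply_path(VPN_CLIENT, HOST_ROUTES, nat=True))
    print("static route:", rdp_reply_path(VPN_CLIENT, WITH_STATIC_ROUTE, nat=False))
```

With NAT the reply stays on the LAN, but every session is logged on the PC as coming from the pfSense LAN address; per-client attribution then has to come from the OpenVPN and firewall logs on pfSense.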

                  simon_lefisch @viragomann

                  @viragomann said in [SOLVED] RDP to PC that is connected to external VPN...:

                  Yes, opening up the firewall on the host is the preferred solution, but as I understood it, the VPN connection is only for your own purposes. In this case, the NAT is a proper workaround.

                  Well like I said before, the VM I connect to does not have a firewall running.

                  The drawback of this is that each connection from the VPN seems to come from pfSense on the destination device. So you're not able to identify the real source.

                  That's ok. I have the VPN configured where I am the only user who connects to it, so the source would be me.
