LAN through OpenVPN not accessible



  • Accessing the server's LAN side is not possible through OpenVPN.
    This is the scheme:
    [network scheme image]
    I have been checking posts but no results yet!
    Any suggestions?
    Thank you so much!


  • Rebel Alliance Developer Netgate

    It should work fine so long as every node along the path has proper routes. The OpenVPN client needs to have routes all the way through to the target system. The target system needs to know how to get traffic back to OpenVPN. Same with firewall rules, you need to pass through the traffic.

    But without more specific information about the OpenVPN setup, routes, and so on, it's impossible to say where your problem may be.

    There are some general suggestions on https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html for troubleshooting this kind of thing, like checking route tables, using traceroute and packet captures to diagnose, etc.



  • Thanks, I'm going to check some of your suggestions. I'm sure I'll be back with more doubts...



  • @jimp

    Hi again!
    I have been checking some points like the LAN router NAT and the server configs, and through the packet capture on pfSense I've found this when capturing OpenVPN packets:
    15:01:08.596584 IP 192.168.168.2.51978 > 192.168.168.10.3389: tcp 0
    15:01:08.596607 IP 192.168.168.2.51978 > 192.168.168.10.3389: tcp 0
    15:01:08.596617 IP 192.168.168.1 > 192.168.168.2: ICMP redirect 192.168.168.10 to host 192.168.168.2, length 72

    where 192.168.168.2 is a WAN connection over OpenVPN (my phone), 192.168.168.10 is the remote machine with RDP (WS2019), and 192.168.168.1 is the LAN router. Look at the "tcp 0"??? What does it mean?

    With the firewall always disabled to test connections and no AVs, and after 2 days of testing several things, I've found 3 different scenarios:

    1. RDP from LAN to LAN works on any computer (W10Pro and WS2019).
    2. RDP from WAN to LAN works on a W10Pro but not on a WS2019 Datacenter with only Remote Access (no RDS), on the same IP or network as the W10Pro, directly on the default port 3389. Tested from a PC, the error reported is "internal error"; tested from my phone, the error is 0x4 or 0x104.
    3. RDP from WAN to LAN over OpenVPN doesn't work on any computer at the default port 3389, same errors.

    Note the different OS behavior!!

    CONFIGS:
    OPEN VPN
    WAN UDP4 / 1194 192.168.168.0/27
    Crypto: AES-256-GCM/SHA512
    D-H Params: 4096 bits OPEN VPN (tun3)
    IPv4 Tunnel Network 192.168.168.0/27

    OUTBOUND NAT MODE:
     WAN 127.0.0.0/8 ::1/128 172.16.16.0/24 192.168.168.0/27 * * 500 WAN address *  Auto created rule for ISAKMP
     WAN 127.0.0.0/8 ::1/128 172.16.16.0/24 192.168.168.0/27 * * * WAN address *  Auto created rule

    PORT FORWARD:
    WAN TCP * * WAN address 3389 (MS RDP) 172.16.16.1 3389 (MS RDP) RDP

    OPEN VPN RULES:
    IPv4 * * * * * * none OpenVPN OPEN VPN wizard

    WAN RULES:
    IPv4 UDP * * 10.10.10.11 1194 (OpenVPN) * none OPEN VPN

    Any idea? Do you need some specific info?
    Thank you very much!!
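
    Triage helper for the capture lines and address ranges quoted above, added here as an editor's example; it is not code from the thread, from Netgate or from pfSense. In tcpdump's short (-q) output, which is the format of the three lines in the post, a TCP line ends in "tcp <bytes>", the segment's payload length, so "tcp 0" is a segment carrying no data, typically a SYN or a bare ACK; seeing only such segments in one direction means the handshake never completed, i.e. either the packets never reached the host or the replies had no route back. An ICMP redirect is printed as "ICMP redirect <target> to host <gateway>", and one whose gateway is the receiving host itself says the router's own route for the target points back at the host that sent the packet. The script also checks the posted address ranges for overlap: the post's own numbers place the RDP host 192.168.168.10 inside the 192.168.168.0/27 tunnel network. Assumptions, not taken from the post: the pfSense LAN is 172.16.16.0/24 (inferred from the NAT and port-forward rows), the remote router's LAN is 192.168.168.0/24, and the 172.16.16.x capture lines are constructed to show what a completed flow looks like.

```python
"""Triage of tcpdump -q style capture lines and of address-range overlap.

Added example, not part of the forum thread or of pfSense. The first three
sample lines are copied from the post; the 172.16.16.x lines and the
network map are constructed/assumed for illustration.
"""
import ipaddress
import re

# tcpdump -q prints a TCP segment as "... > dst.port: tcp <payload-bytes>".
TCP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): tcp (?P<plen>\d+)$"
)
# "ICMP redirect <target> to host <gateway>": router tells host to use gateway.
REDIRECT_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<router>[\d.]+) > (?P<host>[\d.]+): "
    r"ICMP redirect (?P<target>[\d.]+) to host (?P<gw>[\d.]+), length (?P<len>\d+)$"
)

# Constructed sample: lines 1-3 are the ones quoted in the post, lines 4-6
# are assumed and show a flow that does get an answer from the server.
SAMPLE_CAPTURE = """\
15:01:08.596584 IP 192.168.168.2.51978 > 192.168.168.10.3389: tcp 0
15:01:08.596607 IP 192.168.168.2.51978 > 192.168.168.10.3389: tcp 0
15:01:08.596617 IP 192.168.168.1 > 192.168.168.2: ICMP redirect 192.168.168.10 to host 192.168.168.2, length 72
15:01:09.100000 IP 172.16.16.5.40000 > 172.16.16.1.3389: tcp 0
15:01:09.100500 IP 172.16.16.1.3389 > 172.16.16.5.40000: tcp 0
15:01:09.101000 IP 172.16.16.5.40000 > 172.16.16.1.3389: tcp 19
""".splitlines()

# Assumed network map; only the tunnel network is stated in the post.
SAMPLE_NETWORKS = {
    "OpenVPN tunnel": "192.168.168.0/27",
    "pfSense LAN (assumed)": "172.16.16.0/24",
    "remote router LAN (assumed)": "192.168.168.0/24",
}


def parse_capture(lines):
    """Group TCP lines into flows keyed by (client, cport, server, sport).

    The initiator is taken to be the side using the higher (ephemeral) port.
    Each flow counts segments in both directions and the total payload bytes.
    """
    flows, redirects = {}, []
    for line in lines:
        m = TCP_RE.match(line)
        if m:
            src, sport = m["src"], int(m["sport"])
            dst, dport = m["dst"], int(m["dport"])
            if sport > dport:
                key, direction = (src, sport, dst, dport), "fwd"
            else:
                key, direction = (dst, dport, src, sport), "rev"
            flow = flows.setdefault(key, {"fwd": 0, "rev": 0, "payload": 0})
            flow[direction] += 1
            flow["payload"] += int(m["plen"])
            continue
        m = REDIRECT_RE.match(line)
        if m:
            redirects.append((m["router"], m["host"], m["target"], m["gw"]))
    return flows, redirects


def one_way_flows(flows):
    """Flows where the client sent segments but nothing ever came back."""
    return [key for key, f in flows.items() if f["fwd"] and not f["rev"]]


def self_pointing_redirects(redirects):
    """Redirects whose advertised gateway is the host that received them."""
    return [r for r in redirects if r[1] == r[3]]


def overlapping_networks(named_nets):
    """Pairs of named networks whose address ranges overlap."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in named_nets.items()]
    return [
        (nets[i][0], nets[j][0])
        for i in range(len(nets))
        for j in range(i + 1, len(nets))
        if nets[i][1].overlaps(nets[j][1])
    ]


def in_network(addr, cidr):
    """True if addr falls inside cidr, e.g. an RDP host inside the tunnel net."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


if __name__ == "__main__":
    flows, redirects = parse_capture(SAMPLE_CAPTURE)
    for key in one_way_flows(flows):
        print("no reply seen for flow", key, flows[key])
    for router, host, target, gw in self_pointing_redirects(redirects):
        print(f"{router} told {host} to reach {target} via {gw} (itself)")
    for a, b in overlapping_networks(SAMPLE_NETWORKS):
        print("overlapping networks:", a, "<->", b)
    print("192.168.168.10 inside tunnel net:", in_network("192.168.168.10", "192.168.168.0/27"))
```

    Run it against the real capture by replacing SAMPLE_CAPTURE with the lines from Diagnostics > Packet Capture and SAMPLE_NETWORKS with the actual tunnel, LAN and remote subnets; a one-way flow plus a self-pointing redirect on the same addresses is the pattern to look at first, and any overlap reported between the tunnel network and a LAN means the routes jimp describes cannot be unambiguous.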

