LAN computers cannot access remote network nodes


  • Hi,
    I'm trying to connect a remote network to my home LAN using OpenVPN Client on pfSense.
    When I connect to the remote OpenVPN box using my laptop, I can ping all servers on the remote network.
    Same way: pfSense OpenVPN client is successfully connected and I can ping servers using Diagnosis -> Ping.
    But pfSense LAN clients (pfSense is the default gateway) cannot ping any remote servers.
    It may be a simple routing issue but I can't figure it out.
    Thanks for the help.

  • LAYER 8 Rebel Alliance

    You did not give any detail about the configuration... sounds to me like you are running OpenVPN in the wrong Server mode.
    Remote Access (aka road warrior) = Endpoints like PC, notebook, smartphone and so on connecting to the VPN Server.
    Peer to Peer (aka Site to Site) = Connecting two (or more) routers with any network behind them together.

    -Rico


  • Hi,
    Sorry I forgot indeed. Here's what I have on the server:

    proto udp6
    port 1194
    
    dev tunudp1194
    
    keepalive 10 60
    persist-key
    persist-tun
    topology subnet
    
    verb 3
    
    # CERTS
    duplicate-cn
    key  /etc/openvpn/easy-rsa/keys/myvpn.key
    cert /etc/openvpn/easy-rsa/keys/myvpn.crt
    ca   /etc/openvpn/easy-rsa/keys/ca.crt
    dh   /etc/openvpn/easy-rsa/keys/dh2048.pem
    
    # hardening
    remote-cert-tls client
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
    
    tls-version-min 1.2
    
    cipher AES-256-CBC
    auth SHA256
    
    reneg-sec 60
    server 10.x.y.z 255.255.255.0
    

    For now I'm using an image generated by scaleway: https://github.com/scaleway-community/scaleway-openvpn.
    The idea is to run OpenVPN in Remote Access since I don't want the remote site to connect back to the pfSense box.
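
An added example, not written by any poster in this thread: a small Python check of whether an OpenVPN server config like the one posted can send return traffic to a LAN behind a connecting client, which is the practical difference between the two modes named above. The tunnel subnet is redacted on the page, so `10.8.0.0`, the client LAN `192.168.1.0/24`, the `ccd` path and the function names are all constructed assumptions.

```python
import ipaddress

# Routing-relevant lines of the posted server config. The page redacts the
# tunnel subnet (10.x.y.z); 10.8.0.0 is a constructed stand-in.
POSTED_CONF = """\
dev tunudp1194
topology subnet
duplicate-cn
server 10.8.0.0 255.255.255.0
"""

def parse_directives(text):
    """Return {directive: [args, ...]}, skipping comments and blank lines."""
    out = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        out.setdefault(name, []).append(args)
    return out

def can_route_to_client_lan(conf_text, client_lan):
    """Return (ok, findings) for reaching client_lan through a VPN client.

    In server mode OpenVPN needs a 'route' for the LAN on the server host
    and a per-client 'iroute', normally supplied via client-config-dir.
    """
    d = parse_directives(conf_text)
    lan = ipaddress.ip_network(client_lan)
    findings = []
    # Only 'route <network> <netmask>' forms are considered here.
    routes = [ipaddress.ip_network(f"{a[0]}/{a[1]}")
              for a in d.get("route", []) if len(a) >= 2]
    if not any(lan.subnet_of(r) for r in routes):
        findings.append(f"no 'route' covering {lan}")
    if "client-config-dir" not in d:
        findings.append("no 'client-config-dir' to carry a per-client 'iroute'")
    if "duplicate-cn" in d:
        findings.append("'duplicate-cn' lets several clients share one CN, "
                        "so a per-CN 'iroute' cannot identify one client")
    return (not findings, findings)

if __name__ == "__main__":
    ok, findings = can_route_to_client_lan(POSTED_CONF, "192.168.1.0/24")
    print("routable" if ok else "not routable:")
    for f in findings:
        print(" -", f)
```

When the check reports findings, the server only knows the client's tunnel address, so hosts behind the client are reachable from the remote side's point of view only if the client gateway translates them to that address.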