Frustrated! Openvpn clients can connect fine but not reach LAN Clients/servers



  • Hi all,

    Apologies, this may be a bit long but I'll try to include all info.
    Also I'm not an expert but have a reasonable understanding, so please be patient with me :)

    Running fresh install of pfSense 2.4.5-RELEASE-p1

    LAN: 192.168.0.0/24
    PFSense & Gateway: 192.168.0.254
    OpenVPN tunnel subnet: 10.99.99.0/24

    VPN client can connect fine from the internet. Gets IP 10.99.99.2
    From the VPN client I can ping 10.99.99.1 (VPN gateway?) & also 192.168.0.254 (pfSense LAN IP)
    Can NOT ping anything else in LAN, e.g. client 192.168.0.50
    192.168.0.0/24 route is in the VPN client's routing table

         IPv4 Route Table
          ===========================================================================
          Active Routes:
          Network Destination        Netmask          Gateway       Interface  Metric
                    0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.5     50
                 10.99.99.0    255.255.255.0         On-link        10.99.99.2    281
                 10.99.99.2  255.255.255.255         On-link        10.99.99.2    281
               10.99.99.255  255.255.255.255         On-link        10.99.99.2    281
                  127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
                  127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
            127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
                172.20.10.0  255.255.255.240         On-link       172.20.10.5    306
                172.20.10.5  255.255.255.255         On-link       172.20.10.5    306
               172.20.10.15  255.255.255.255         On-link       172.20.10.5    306
                192.168.0.0    255.255.255.0       10.99.99.1       10.99.99.2     25
                  224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
                  224.0.0.0        240.0.0.0         On-link        10.99.99.2    281
                  224.0.0.0        240.0.0.0         On-link       172.20.10.5    306
            255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
            255.255.255.255  255.255.255.255         On-link        10.99.99.2    281
            255.255.255.255  255.255.255.255         On-link       172.20.10.5    306
          ===========================================================================
          Persistent Routes:
            Network Address          Netmask  Gateway Address  Metric
                    0.0.0.0          0.0.0.0    192.168.0.254  Default
          ===========================================================================
    

    In pfSense OpenVPN server settings it has 192.168.0.0/24 as "IPv4 local network"
    Firewall rules are all good & nothing denied in logs (logging on)

    From Diag > Ping:
    using LAN as source (192.168.0.254) I can ping 192.168.0.50
    using LAN as source (192.168.0.254) I can ping 10.99.99.1
    using LAN as source (192.168.0.254) I can NOT ping 10.99.99.2
    using OpenVPN server as source (10.99.99.1) I can ping 192.168.0.254
    using OpenVPN server as source (10.99.99.1) I can NOT ping 192.168.0.50
    using OpenVPN server as source (10.99.99.1) I can ping 10.99.99.2

    Tried:

    • Adding advanced config custom option of push "route 192.168.0.0 255.255.255.0"
    • Initially DHCP was not being provided by pfSense (coming from server) but read pfSense
    • Reinstalling and starting from scratch with just basic wizard config

    None has made any difference.

    Getting very frustrated!!
    Any ideas? What am I missing?

    Thanks in advance
    Graeme


  • LAYER 8 Rebel Alliance

    Check your server's/clients' firewall, disable it for testing.
    For example, the Windows Firewall blocks any incoming traffic from outside of known subnets. So if you don't tell Windows you want to allow incoming traffic from 10.99.99.0/24 ... it's blocked.

    -Rico



  • Thanks Rico :) That was the issue!
    Hadn't considered that in this environment as normally we have that defined by GPO.
    Had to create a local FW rule to allow access from the remote private subnets.
    Thanks Again!!

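    As an added example (not code from the thread), this is the kind of scoped local Windows Defender Firewall rule the fix above describes, written in PowerShell and run on the LAN host. The tunnel subnet 10.99.99.0/24 is from the thread; the rule names, the rule group and the choice to allow only ICMP echo plus one named service port are assumptions.

```powershell
# Added example: allow inbound traffic from the OpenVPN tunnel subnet only,
# instead of disabling the host firewall. Names and the ICMP/SMB choice are assumptions.
$VpnSubnet = '10.99.99.0/24'
$RuleGroup = 'OpenVPN remote access (added example)'

# The rule only applies on the profile the LAN adapter is currently using;
# check with Get-NetConnectionProfile and adjust -Profile if the NIC is on Public.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 1. ICMPv4 echo requests from VPN clients, so pings from the tunnel succeed.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo from OpenVPN clients' `
    -Group $RuleGroup `
    -Direction Inbound -Action Allow -Enabled True `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $VpnSubnet `
    -Profile Domain,Private

# 2. One specific service (SMB, TCP 445) rather than "any port" from the tunnel.
New-NetFirewallRule -DisplayName 'Allow SMB from OpenVPN clients' `
    -Group $RuleGroup `
    -Direction Inbound -Action Allow -Enabled True `
    -Protocol TCP -LocalPort 445 `
    -RemoteAddress $VpnSubnet `
    -Profile Domain,Private

# 3. Verify the scope actually took: each rule in the group should list only the tunnel subnet.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```

    Run it from an elevated PowerShell on the LAN host; the verification table at the end is the check that the rules are scoped to the tunnel subnet rather than to any remote address.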

  • LAYER 8 Rebel Alliance

    Glad you have it working now.

    -Rico

