Frustrated! OpenVPN clients can connect fine but not reach LAN clients/servers
-
Hi all,
Apologies, this may be a bit long but I'll try to include all info.
Also I'm not an expert but have a reasonable understanding, so please be patient with me :)

Running fresh install of pfSense 2.4.5-RELEASE-p1
LAN: 192.168.0.0/24
pfSense & Gateway: 192.168.0.254
OpenVPN tunnel subnet: 10.99.99.0/24

VPN client can connect fine from internet. Gets IP 10.99.99.2
From the VPN client I can ping 10.99.99.1 (VPN gateway?) & also 192.168.0.254 (pfSense LAN IP)
Can NOT ping anything else in LAN, e.g. client 192.168.0.50
192.168.0.0/24 route is in VPN client's routing table

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask           Gateway        Interface      Metric
0.0.0.0              0.0.0.0           172.20.10.1    172.20.10.5    50
10.99.99.0           255.255.255.0     On-link        10.99.99.2     281
10.99.99.2           255.255.255.255   On-link        10.99.99.2     281
10.99.99.255         255.255.255.255   On-link        10.99.99.2     281
127.0.0.0            255.0.0.0         On-link        127.0.0.1      331
127.0.0.1            255.255.255.255   On-link        127.0.0.1      331
127.255.255.255      255.255.255.255   On-link        127.0.0.1      331
172.20.10.0          255.255.255.240   On-link        172.20.10.5    306
172.20.10.5          255.255.255.255   On-link        172.20.10.5    306
172.20.10.15         255.255.255.255   On-link        172.20.10.5    306
192.168.0.0          255.255.255.0     10.99.99.1     10.99.99.2     25
224.0.0.0            240.0.0.0         On-link        127.0.0.1      331
224.0.0.0            240.0.0.0         On-link        10.99.99.2     281
224.0.0.0            240.0.0.0         On-link        172.20.10.5    306
255.255.255.255      255.255.255.255   On-link        127.0.0.1      331
255.255.255.255      255.255.255.255   On-link        10.99.99.2     281
255.255.255.255      255.255.255.255   On-link        172.20.10.5    306
===========================================================================
Persistent Routes:
Network Address      Netmask           Gateway Address  Metric
0.0.0.0              0.0.0.0           192.168.0.254    Default
===========================================================================

In pfSense OpenVPN server settings it has 192.168.0.0/24 as "IPv4 local network"
Firewall rules are all good & nothing denied in logs (logging on)

From diag>ping;
using LAN as source (192.168.0.254) I can ping 192.168.0.50
using LAN as source (192.168.0.254) I can ping 10.99.99.1
using LAN as source (192.168.0.254) I can NOT ping 10.99.99.2
using OpenVPN server as source (10.99.99.1) I can ping 192.168.0.254
using OpenVPN server as source (10.99.99.1) I can NOT ping 192.168.0.50
using OpenVPN server as source (10.99.99.1) I can ping 10.99.99.2

Tried;
- Adding advanced config custom option of push "route 192.168.0.0 255.255.255.0"
- Initially DHCP was not being provided by pfSense (coming from server) but read pfsense
- Reinstalling and starting from scratch with just basic wizard config
None has made any difference
Getting very frustrated!!
Any ideas? What am I missing?

Thanks in advance
Graeme
-
Check your server/clients firewall, disable it for testing.
For example, the Windows Firewall blocks any incoming traffic outside of known subnets. So if you don't tell Windows you want to allow incoming traffic from 10.99.99.0/24 ....it's blocked.
-Rico
-
Thanks Rico :) That was the issue!
Hadn't considered that in this environment as normally we have that defined by GPO.
Had to create a local FW rule to allow access from remote private subnets.
Thanks again!!
-
Glad you have it working now.
-Rico
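
The local firewall rule described in this thread, as an added example that is not from any of the posters: a PowerShell script for the LAN host (e.g. 192.168.0.50) that allows inbound traffic only from the OpenVPN tunnel subnet, instead of leaving Windows Firewall disabled after testing. The rule names, the group name, the TCP port list and the choice of profiles are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): scoped inbound allow rules on a LAN host
# so that OpenVPN clients can reach it without turning Windows Firewall off.

$VpnSubnet = '10.99.99.0/24'          # tunnel subnet from the thread
$TcpPorts  = @(3389)                  # assumption: TCP services VPN users need
$Profiles  = 'Domain', 'Private'      # assumption: keep the Public profile closed
$Group     = 'VPN remote subnet (example)'   # hypothetical group name

# One rule per protocol, each limited to the VPN subnet as remote address.
$rules = @(
    @{ DisplayName = 'Allow ICMPv4 echo from VPN subnet'
       Protocol    = 'ICMPv4'
       IcmpType    = 8 },             # echo request, so ping from 10.99.99.x works
    @{ DisplayName = 'Allow TCP services from VPN subnet'
       Protocol    = 'TCP'
       LocalPort   = $TcpPorts }
)

foreach ($r in $rules) {
    # Idempotent: skip rules that already exist under the same display name.
    if (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Exists, skipping: $($r.DisplayName)"
        continue
    }
    New-NetFirewallRule @r -Group $Group -Direction Inbound -Action Allow `
        -RemoteAddress $VpnSubnet -Profile $Profiles | Out-Null
    Write-Host "Created: $($r.DisplayName)"
}

# Verify what is active: rule name, state, profile and remote address scope.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = $addr.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the LAN host, then repeat the ping from the VPN client (10.99.99.2) to confirm.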