OpenVPN connects but can only ping the gateway
-
Hi all,
I have used the setup wizard to create an OpenVPN tun network for remote access on pfSense version 2.4.5, but I cannot access any of my LAN devices, yet everything seems right. On my pfSense I can see the remote client is connected, and on the Win10 client I can see in route print that there is routing information for my LAN network.
The problem is when I try to access anything on my LAN network. I can ping the pfSense box and access its web page using its LAN IP, but that is it; I can't access any other device on my LAN.
I have a DrayTek v130 modem setup as bridge to my pfSense which is getting a public IP via PPPoE from my ISP (BT), and a NoIP DDNS set up. On the client side there is a standard ISP (also BT) modem/router combo.
Any suggestion on what I should try would be greatly appreciated.
-
@wbrown766 Check the firewalls of your lan devices as a starting point.
-
Firewall rules
Tunnel network
DNS
Some screenshots would be nice so we can help.
-
Think like a packet. You send a packet in one direction, and you expect a different packet to come back as a reply.
The first thing to check is to see (at a target) if a packet is actually getting to it. If so, you have a return routing problem possibly, though. Especially if the pfSense is not the default gateway to the internet.
You also may not have put the best IP address choice for the VPN subnet. It's not the same as the internal LAN, is it?
At any rate, I like to use Wireshark and packet captures to see where the packets are going. If nothing shows up at the destination, then move to (or start with) the pfSense and do a packet capture there. You are looking for packets coming out of the tunnel, including your ping tests to pfSense. Look for the addressing on the packets to see if the source and destination addresses are as expected.
And you will need a filter rule on the pfSense to allow the traffic, under Firewall, Rules, OpenVPN. What do you have in there? I've got a simple Pass rule for any to any. That said, I set it up once as a quick test and didn't really do much testing, but I think it worked fine to my internal LAN.
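The replies above boil down to three checks: make sure the tunnel subnet does not overlap the LAN, capture at the pfSense to see which pings leave the tunnel, and then work out which targets never answer (pfSense itself, a LAN host, or something off-LAN), since each points to a different fix (the OpenVPN tab pass rule, a host firewall or return route, or pushed routes). The script below is an added example written for this thread, not code from any of the posters or from pfSense; the addresses and the tcpdump-style lines are constructed for the example, and the hint text is just the thread's advice mapped onto each outcome.

```python
"""Added example: two checks that follow the advice in the thread:
(1) does the OpenVPN tunnel subnet overlap the LAN, and
(2) in a packet capture taken on the pfSense, which pings from the tunnel
never got an answer, and what that suggests checking next."""
import ipaddress
import re
from collections import defaultdict

# Constructed addressing, chosen only for this example (assumption).
TUNNEL_NET = "10.8.0.0/24"       # OpenVPN tunnel network from the wizard
LAN_NET = "192.168.1.0/24"       # pfSense LAN
PFSENSE_LAN_IP = "192.168.1.1"   # pfSense LAN address (answers ping in the thread)


def subnets_overlap(net_a, net_b):
    """True when the two networks overlap; a tunnel subnet that overlaps the
    LAN is the mis-choice one reply warns about."""
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))


# Constructed tcpdump-style lines, as if captured on the pfSense (assumption).
# 192.168.1.1 (pfSense) answers, 192.168.1.30 answers, 192.168.1.20 never does.
SAMPLE_CAPTURE = """\
12:00:01.000 IP 10.8.0.2 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
12:00:01.001 IP 192.168.1.1 > 10.8.0.2: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000 IP 10.8.0.2 > 192.168.1.20: ICMP echo request, id 1, seq 2, length 64
12:00:03.000 IP 10.8.0.2 > 192.168.1.20: ICMP echo request, id 1, seq 3, length 64
12:00:04.000 IP 10.8.0.2 > 192.168.1.30: ICMP echo request, id 1, seq 4, length 64
12:00:04.001 IP 192.168.1.30 > 10.8.0.2: ICMP echo reply, id 1, seq 4, length 64
12:00:05.000 IP 10.8.0.2.51000 > 192.168.1.20.445: Flags [S], seq 1, length 0
"""

LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_icmp(capture_text):
    """Yield (src, dst, kind, id, seq) for ICMP echo lines; other lines are skipped."""
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["kind"], int(m["id"]), int(m["seq"])


def unanswered_pings(capture_text, tunnel_net):
    """Return {target: [seq, ...]} for echo requests that came out of the tunnel
    subnet and were never matched by an echo reply (same id/seq, src/dst swapped)."""
    tunnel = ipaddress.ip_network(tunnel_net)
    pending = {}
    for src, dst, kind, ident, seq in parse_icmp(capture_text):
        if kind == "request" and ipaddress.ip_address(src) in tunnel:
            pending[(src, dst, ident, seq)] = True
        elif kind == "reply":
            # A reply's src/dst are the request's dst/src.
            pending.pop((dst, src, ident, seq), None)
    missing = defaultdict(list)
    for (_src, dst, _ident, seq) in pending:
        missing[dst].append(seq)
    return dict(missing)


def diagnose(capture_text, tunnel_net, lan_net, pfsense_ip):
    """Map each silent target onto the check the thread suggests for it."""
    lan = ipaddress.ip_network(lan_net)
    pfsense = ipaddress.ip_address(pfsense_ip)
    hints = []
    for target, seqs in sorted(unanswered_pings(capture_text, tunnel_net).items()):
        addr = ipaddress.ip_address(target)
        if addr == pfsense:
            hints.append(f"{target}: pfSense itself is silent; check the pass rule "
                         f"under Firewall > Rules > OpenVPN")
        elif addr in lan:
            hints.append(f"{target}: LAN host silent for seq {seqs}; capture on the "
                         f"LAN side, then check that host's firewall and its default "
                         f"gateway (return route to the tunnel)")
        else:
            hints.append(f"{target}: not on the LAN; check the routes pushed to the client")
    return hints


if __name__ == "__main__":
    print("tunnel/LAN overlap:", subnets_overlap(TUNNEL_NET, LAN_NET))
    for hint in diagnose(SAMPLE_CAPTURE, TUNNEL_NET, LAN_NET, PFSENSE_LAN_IP):
        print(hint)
```

In practice you would feed it the text output of the pfSense packet capture (Diagnostics > Packet Capture, or tcpdump on the OpenVPN interface), filtered to ICMP. The pattern in the constructed sample mirrors the original post: pfSense answers, one LAN host answers, one does not, which points at that host rather than at the tunnel.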