Netgate Discussion Forum

    Access OpenVPN Client LAN from PFSense LAN

    12 Posts 2 Posters 1.9k Views
      mw2u

      Hello everyone,

      I have two locations, let's say A and B.

      In location "A" I have a router that supports OpenVPN Server.
      LAN: 10.10.6.0/24, VPN subnet: 10.6.0.0/24

      In location "B" I have a pfSense server. LAN 10.10.2.0/24 and 2 WANs with public IPs.
      I added the VPN as a client, everything works, I can ping the entire "A" network from the pfSense ping tool.

      The problem is that I can't make it work from LAN "B". I want everyone from LAN "B" to be able to access devices from LAN "A".

      What I did so far:
      Assigned a new interface (ovpnc1).
      Added it as a dynamic gateway, disabled monitoring, added firewall rules.

      From this point I tried static routes and NAT rules, and I ran out of ideas. I don't even know how to debug/trace this.

      Thank you very much, any idea can help me.

        viragomann @mw2u

        @mw2u said in Access OpenVPN Client LAN from PFSense LAN:

        I can ping entire "A" network from pfsense ping tool.

        Even if you change the source to LAN?

          mw2u @viragomann

          @viragomann No, if I change the source to LAN it's not working.

            viragomann @mw2u

            @mw2u
            I assume the router in A is the default gateway on the devices behind it.

            I also assume you have already added a firewall rule which allows any, also any protocol.

            Does the remote router allow the access from the LAN?

              mw2u @viragomann

              @viragomann Yes, it's the default gateway for devices behind it.
              Yes, I added a firewall rule for "vpn client" which Pass IPv4, any protocol, source any, destination any.
              Yes.

                viragomann @mw2u

                @mw2u
                So the problem will be on site A.
                It's not really clear why you're able to ping any LAN device in A from the B pfSense. Possibly the router does S-NAT on this connection while it doesn't on connections from the A-LAN, because it is not aware of that subnet.

                If it does NAT, maybe the destination device simply blocks access, because it is coming from outside of its own subnet. This is the default behavior of a computer's firewall with networking enabled.

                You may investigate the problem on site A by sniffing the traffic.

                  mw2u @viragomann

                  @viragomann I didn't think it might be an "A" problem, but I'll research and come back. Thank you!

                    viragomann @mw2u

                    @mw2u said in Access OpenVPN Client LAN from PFSense LAN:

                    No, if I change the source to LAN it's not working.

                    This leads to the only conclusion, that the failure is on A.
                    It's also possible that the push option for the LAN B network is missing in the OpenVPN config of router A.

                      mw2u

                      I did a lot of tests, nothing seems to work.
                      There is no problem in "A". I tested installing the client on Windows, and the push options are present. From Windows everything works perfectly.

                        viragomann @mw2u

                        @mw2u
                        Not clear what you expect to test on Windows. Windows is no router and I'm sure you haven't configured it as one.

                        Did you sniff any traffic on A site?

                        I cannot help to fight the problem on A site without any information about the behavior there.
                        The only thing you can do on pfSense to get it to work is a workaround with NAT, which is the very last option.

                          mw2u @viragomann

                          @viragomann Like I said, in location A is a router with an OpenVPN server. I installed the OpenVPN client on Windows and I checked if the server pushes the route and if I can access all devices behind that router, and everything is good. This makes me think something is not right on B, in the pfSense client config.

                            viragomann @mw2u

                            @mw2u said in Access OpenVPN Client LAN from PFSense LAN:

                            I installed the OpenVPN client on Windows and I checked if the server pushes the route and if I can access all devices behind that router, and everything is good.

                            So it's exactly the same as from the point of pfSense in B. pfSense can access all clients in A as well.

                            Configure the Windows computer as a router, set it as default gateway and try to access A from the network behind it, if you want a true comparison.
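
The return-path reasoning discussed in this thread, modelled as an added example that is not part of any post and is not pfSense or OpenVPN code. Router A is reduced to a three-entry routing table, and 10.6.0.2 as pfSense's tunnel address is an assumed value; the subnets are the ones given in the first post.

```python
import ipaddress

# Subnets from the thread; the tunnel address of pfSense is an assumption.
LAN_A = ipaddress.ip_network("10.10.6.0/24")
LAN_B = ipaddress.ip_network("10.10.2.0/24")
VPN_NET = ipaddress.ip_network("10.6.0.0/24")
PFSENSE_TUN_IP = ipaddress.ip_address("10.6.0.2")  # assumed value
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(table, dst):
    """Longest-prefix match: return the egress interface for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in table.items() if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def router_a_table(knows_lan_b):
    """Simplified routing table of router A (site A)."""
    table = {LAN_A: "lan", VPN_NET: "tun", DEFAULT: "wan"}
    if knows_lan_b:
        # On an OpenVPN server this takes a kernel route plus an
        # internal route (iroute) bound to the pfSense client.
        table[LAN_B] = "tun"
    return table

def ping_from_b(src, dst, knows_lan_b=False, nat_on_pfsense=False):
    """Return (ok, reason) for an echo request sent from site B to LAN A."""
    # Outbound NAT on the pfSense VPN interface rewrites the source address.
    seen_src = PFSENSE_TUN_IP if nat_on_pfsense else ipaddress.ip_address(src)
    table = router_a_table(knows_lan_b)
    if lookup(table, dst) != "lan":
        return False, "request is not delivered to LAN A"
    back = lookup(table, seen_src)  # where router A sends the echo reply
    if back == "tun":
        return True, f"reply to {seen_src} is routed into the tunnel"
    return False, f"reply to {seen_src} leaves via {back} and never reaches B"

if __name__ == "__main__":
    host_a = "10.10.6.10"  # constructed sample host in LAN A
    cases = [
        ("pfSense ping tool, default source", "10.6.0.2", {}),
        ("ping with source LAN B", "10.10.2.50", {}),
        ("LAN B host, router A has the route", "10.10.2.50", {"knows_lan_b": True}),
        ("LAN B host, NAT workaround on pfSense", "10.10.2.50", {"nat_on_pfsense": True}),
    ]
    for label, src, opts in cases:
        print(f"{label}: {ping_from_b(src, host_a, **opts)}")
```
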
