Help needing to route from LAN to Ubuntu OpenVPN Server via pfSense
I have a pfSense firewall on network 1. It is set up as an OpenVPN client pointing to the OpenVPN server hosted on network 2 (Ubuntu). All I want to achieve is to allow all devices on the LAN subnet on network 1 to reach the OpenVPN server via the VPN; all other traffic should route out the default GW of the pfSense on network 1.
I have managed to get everything working (the pfSense OpenVPN client connection to the Ubuntu OpenVPN server succeeds, and from the pfSense box I can ssh to the internal OpenVPN IP). However, I cannot ssh to the OpenVPN IP from the LAN on network 1.
I have a static route on pfSense matching the "server" subnet I defined on Ubuntu. This points to the dynamic gateway pfSense added for the new OpenVPN interface (which I created in Assign Interfaces and added a default any to any rule to allow all network traffic).
Listening for packets on pfSense and Ubuntu on port 22, everything works as expected when initiating an ssh connection from the pfSense box. However, when trying to connect via SSH from LAN on network 1 through pfSense to the Ubuntu VPN address of 10.0.0.1, I can see the packets arriving on ovpnc on pfSense but never arriving at the Ubuntu box.
19:03:55.282508 IP pc.local.65347 > 10.0.0.1.ssh: Flags [S], seq 918073975, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1686939314 ecr 0,sackOK,eol], length 0
19:03:56.308962 IP pc.local.65347 > 10.0.0.1.ssh: Flags [S], seq 918073975, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1686940314 ecr 0,sackOK,eol], length 0
...
What am I missing? The routing table on pfSense contains:
10.0.0.5    link#18    UH     ovpnc
10.0.0.6    link#18    UHS    lo0