PFSense 2.5 OpenVPN connects but not routing to LAN

wjterveld

Hello,

The situation:
PFsense server with interfaces:
LAN 10.101.101.0/24
WAN 82.82.82.82 (not the actual IP)
OpenVPN 10.0.8.0/24

Now I'm trying to create a VPN server using the Wizard. And it all seems to go fine. Next I download the client (used the export plugin).
The client site is able to connect and ping the IP of the OpenVPN interface (10.0.8.1 and 10.0.8.2) and the IP of the LAN interface of the PFSense server (10.101.101.251). But I'm unable to ping or connect to any other server(s) on the LAN site?
I must be missing something. I have followed multiple documentations and instructions, started over and over again but all efforts end with the same result..

I'm puzzled....

wjterveld

Solved:
my solution was to add both 10.101.101.0/24 and 10.0.8.0/24 in the VPN IPv4 Local network(s)

wjterveld

Damn!! after the upgrade to 2.5.1 the OpenVPN broke again!

Dementian

Hi there,

i am using PFsense / Monowall since more than 10 years and never had any bigger problems.
I faced the same problem as wjterveld on one company site of 4.
The 3 other locations are running as expected without this "wrong" IPv4 local network added to the OpenVPN Server.

The difference is only that on this location i cannot use the pfsense to dial in via PPPoE (because of Phones).
So i had to manage by using exposed host to the PFSense, which works perfect for all other connections (IPSec for Site2Site, All Mailserver ports, VoIP, ...) just not for OpenVPN.
I can connect from remote to the PFSense by OpenVPN, i can browser the firewall itself, but cannot reach to LAN.

I would prefere a propper solution and not to handle like this. Because it's not clear to me why it even works.

If needed i can add more details.

  .-----+-----. Public IP
  |  Gateway  |  (Telekom DSL Modem, Exposed host 192.168.3.254)
  '-----+-----' 192.168.3.1
        |
    WAN |  
        |
  .-----+-----. 192.168.3.254
  |  pfSense  +
  '-----+-----' 192.168.0.254
        |
    LAN | 192.168.0.1/24
        |
  .-----+------.
  | LAN-Switch |
  '-----+------'
        |
...-----+------... (Clients/Servers)

wjterveld

What version are you using? And did you use the wizard too?

Dementian

I use 2.4.4-RELEASE-p3 on all routers and started with using the wizard on all, as far as i can remember.
The only package i installed is the client export for openVPN.

wjterveld

@dementian I started with 2.4 and upgraded to 2.5 with the same problem. Then did a fresh install of 2.5 (lost wirguard!) and still got the same problem..