Unable to route to private network from openVPN connection?
-
I have created a new opveVPN.
My IPv4 Tunnel Network is 10.10.70.0/24
My IPv4 Local network(s) is 10.10.10.0/24I can connect and access pfsense gui with 10.10.70.1.
I have
This is my local route table (my remote PC from whom I connect to the VPN)IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 55 10.10.70.0 255.255.255.0 On-link 10.10.70.2 281 10.10.70.2 255.255.255.255 On-link 10.10.70.2 281 10.10.70.255 255.255.255.255 On-link 10.10.70.2 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.1.0 255.255.255.0 On-link 192.168.1.105 311 192.168.1.105 255.255.255.255 On-link 192.168.1.105 311 192.168.1.255 255.255.255.255 On-link 192.168.1.105 311 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.1.105 311 224.0.0.0 240.0.0.0 On-link 10.10.70.2 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.1.105 311 255.255.255.255 255.255.255.255 On-link 10.10.70.2 281 =========================================================================== Persistent Routes: NoneI am unable to ping or connect any 10.10.10.X IP.
If I grant any of my servers 10.10.70.X IP I am able to SSH or RDP into it.
I am able to ping 10.10.10.X connections from my pfsense machine.What am I missing?
Why can't I route to 10.10.10.X -
@diana_shik In your OpenVPN server config, did you specify your 10.10.10.0/24 network under IPv4 Local network(s)?
-
@kom Yes.
I think for some resone I don't have route from 10.10.70.X to 10.10.10.X. -
@diana_shik Do you have the client end set to not pull routes?
-
@kom Not to my knowledge.
I have created the client export via "Client Export Utility".
I did not create any other client. -
@kom Ok.
After switching to IPv4 Local network(s) in tunnel settings to 10.10.10.1/16 my route table looks like this:IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 50 10.10.0.0 255.255.0.0 10.10.70.1 10.10.70.2 281 10.10.70.0 255.255.255.0 On-link 10.10.70.2 281 10.10.70.2 255.255.255.255 On-link 10.10.70.2 281 10.10.70.255 255.255.255.255 On-link 10.10.70.2 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.1.0 255.255.255.0 On-link 192.168.1.105 306 192.168.1.105 255.255.255.255 On-link 192.168.1.105 306 192.168.1.255 255.255.255.255 On-link 192.168.1.105 306 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.1.105 306 224.0.0.0 240.0.0.0 On-link 10.10.70.2 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.1.105 306 255.255.255.255 255.255.255.255 On-link 10.10.70.2 281 =========================================================================== Persistent Routes: NoneI have now:
10.10.0.0 255.255.0.0 10.10.70.1 10.10.70.2 281If I run
tracert 10.10.10.2I get:Tracing route to 10.10.10.2 over a maximum of 30 hops
1 23 ms 23 ms 30 ms 10.10.70.1
2 * * * Request timed out.
3 * * * Request timed out.So now I am routed to the tunnel but still can't access the LAN.
-
@diana_shik Does your OpenVPN tab have any rules? It should have an Allow All rule created by the wizard but best to double-check.
-
@kom Yes, it have an allow all.
Also there is an inbound pass to openvpn port on the WAN. -
@diana_shik Anything of note in the OpenVPN log in System Logs?
-
@diana_shik
First thing to ask, is pfSense the default gateway in the remote network? -
@viragomann Yes it is.
Also I am able to pint and trace this IP from pfsense LAN intarface. -
@diana_shik said in Unable to route to private network from openVPN connection?:
Also I am able to pint and trace this IP from pfsense LAN intarface
Okay, so check the following, please:
On pfSense go to Diagnostic > Ping
Do a ping to a machine you want to reach from VPN. Should work, I assume.
Then change the source to OpenVPN and try again.If you don't get a respond you have to check the destination device. Maybe its firewall is blocking the access.
-
@viragomann What do you mean by "Do a ping to a machine you want to reach from VPN"
Under Diagnostics-> Ping I don't have VPN.
Should I?I do have my openVPN and I loose all packets.
-
@diana_shik
You should find your OpenVPN server in the drop-town.
You can simultanously do a sniff the packets on the LAN interface to see what's going on.If you see the request packets on the LAN, but no responses, the destination machine either blocks the access from other networks by its own firewall or it has a different default route.
You may disable the firewall on the device for testing. -
@viragomann I see.
I can ping and route from LAN successfully.
I can not ping or route from openVPN.
