
    Need help routing OpenVPN to another gateway on the LAN

    jared_:

      Hi everyone.

      Having a little trouble with this slightly unusual setup, I'll do my best to provide all the information required.

      I have pfSense sitting on a network, the WAN interface is disabled and the LAN (192.168.1.0/24) has OpenVPN (172.16.100.0/24) server listening.

      There's a Ubiquiti gateway sitting on 192.168.1.1 that's handling the internet that passes VPN traffic to the pfSense.

      When my VPN client connects I get the ability to ping the pfSense on its LAN IP (192.168.1.200) but I'm unable to ping anything else on the LAN.

      I can use traceroute from the pfSense to see a path to 8.8.8.8 from the LAN but from the OpenVPN interface I simply get * * * * *.

      I've added all the information I think is relevant. Please let me know if anything more would be helpful.

      Appreciate your time in reading and responding! Thanks 🤘

      Client Routes: [screenshot]

      pfSense Routes: [screenshot]

      LAN Rules: [screenshot]

      OpenVPN Rules: [screenshot]

      viragomann @jared_:

        @jared_ said in Need help routing OpenVPN to another gateway on the LAN:

        I have pfSense sitting on a network, the WAN interface is disabled and the LAN (192.168.1.0/24) has OpenVPN (172.16.100.0/24) server listening.

        That's not the proper way to connect a VPN server. Your LAN devices will send response packets to requests from VPN clients to the default gateway instead of back to pfSense, since they don't have a proper route for these IPs.

        If you want to run the VPN server behind a NAT router, either:

        • remove it from the LAN and put it into a transit network connected to the router, add a static route for the VPN tunnel network to the router pointing to the VPN server, and add a static route for the LAN to the VPN server pointing to the router
        • add a static route for the VPN tunnel network pointing to pfSense to each LAN device you want to have access
        • do masquerading on the pfSense LAN interface.
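To show why the replies from LAN hosts go astray in this setup, and how a static route or masquerading changes the LAN host's decision, here is an added example (not from the thread or from pfSense) that simulates a LAN host's longest-prefix route lookup with the addresses in the thread. The LAN host's routing table and the client address 172.16.100.2 are constructed for the example.

```python
import ipaddress

# Constructed routing table of an ordinary LAN host on 192.168.1.0/24:
# directly connected LAN, default route to the Ubiquiti gateway (192.168.1.1).
# pfSense (192.168.1.200) is just another host on the segment from its point of view.
LAN_HOST_ROUTES = [
    ("192.168.1.0/24", None),        # directly connected, no next hop
    ("0.0.0.0/0", "192.168.1.1"),    # default route via the Ubiquiti gateway
]

def next_hop(routes, dst):
    """Longest-prefix match: next hop for dst, or None when directly connected."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1]

def reply_path(routes, client_src):
    """Where the LAN host sends its reply to a packet that arrived from client_src."""
    hop = next_hop(routes, client_src)
    return "direct" if hop is None else hop

# Scenario 1, as posted: the request reaches the LAN host through pfSense, but the
# reply matches only the default route and leaves via the Ubiquiti gateway, which has
# no route back into 172.16.100.0/24. Asymmetric path, so the ping never completes.
def scenario_broken():
    return reply_path(LAN_HOST_ROUTES, "172.16.100.2")

# Scenario 2: a static route for the tunnel network on the LAN host (or on the
# router) now wins the longest-prefix match and sends the reply back to pfSense.
def scenario_static_route():
    routes = LAN_HOST_ROUTES + [("172.16.100.0/24", "192.168.1.200")]
    return reply_path(routes, "172.16.100.2")

# Scenario 3: outbound NAT (masquerading) on the pfSense LAN interface rewrites the
# client's source to pfSense's LAN address, so the reply is delivered on the local
# segment and no host needs any extra route.
def scenario_masquerade():
    pfsense_lan_ip = "192.168.1.200"   # what the LAN host sees as the packet source
    return reply_path(LAN_HOST_ROUTES, pfsense_lan_ip)
```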