VPN connects but can't connect to other network devices
@hliende I'm not clear on what you want for an end result. Do you want your OpenVPN clients to have access to one or more of your networks? You control access via the OpenVPN tab on the firewall rules page. By default it should allow everything to anywhere.
-
@kom I would like to connect from the VPN client to specific servers/ports on 1 subnet via Firewall rules.
And at least according to the pfSense firewall page, when you don't add a rule, everything is blocked:
"All incoming connections on this interface will be blocked until pass rules are added. Click the button to add a new rule."
-
@hliende That is correct, however the OpenVPN wizard will automagically add an allow rule. So in your case now, you want to delete that default rule. Then you want a pass rule that allows only access to the network you choose and the specific ports you want. Create a port alias and then use that in the rule for easier readability.
-
@kom Thanks, but I have the firewall rules in place already on the OpenVPN interface. I can see in the firewall logs that the network traffic is being passed, not blocked.
-
@hliende said in VPN connects but can't connect to other network devices:
I also changed the gateway setting in each firewall rule from Default to the OpenVPN gateway,
That's wrong. You have to set it back to any.
For access from VPN clients to internal networks, you only need rules on the OpenVPN tab.
To be clear, is pfSense the default gateway in all remote subnets?
Is the server you are trying to reach accessible from other networks?
-
@viragomann Thanks, I changed the gateway back to default. I made some headway. I'm able to connect to a Samba server, but I'm still having trouble playing an old network-based game where the game is the server.
I ran tcpdump on both the OpenVPN and the physical interface. I see connections to the server and back, but the game doesn't allow online games. When I disconnect the VPN and connect on a different interface it works. I copied the firewall rules from this interface to the OpenVPN interface. I created firewall rules to allow all traffic between the OpenVPN interface and the physical interface, but still no luck. I don't see any dropped packets.
Is there anything else about the VPN settings that would cause an issue?
-
@hliende said in VPN connects but can't connect to other network devices:
but I'm still having trouble playing an old network-based game where the game is the server.
Where does the game server reside? Where is the client?
-
@viragomann Game server is on Interface 2, Client is on the OpenVPN interface. Here's a quick layout of my network:
Interface 0 - WAN
Interface 1 - 192.168.0.x
Interface 2 - 192.168.1.x
OpenVPN - 192.168.2.x
Interface 1 and 2 can reach the internet through WAN/Interface 0, but generally can't talk to each other (with some exceptions made in the firewall).
Locally, a computer on Interface 1 can play games with computers on Interface 2. I just looked for the ports that were requested and opened those up on the firewall. Additionally, computers on Interface 2 can talk to a file share on Interface 1.
Using the VPN, I copied the rules used for the file share and gaming (on both the physical and OpenVPN interface respectively) to do the same thing for OpenVPN clients. I'm able to connect in, and from the OpenVPN client I can connect to the file share on Interface 1. I'm able to ping the game server on Interface 2, but when I try to run the games the server isn't visible in the game.