New OpenVPN server, can connect but can't get to LAN subnet.
-
@viragomann Sorry had a bad night just wanting to get this working.
Here is the routing table for the pi.
-
@fatman032
And what's the LAN IP of pfSense? Does it match? -
@viragomann Yes they Match. The LAN is 192.168.192.0/24
Here you go. It has new IP since it no longer has a reservation.
-
@fatman032 said in New OpenVPN server, can connect but can't get to LAN subnet.:
Yes they Match. The LAN is 192.168.192.0/24
That's not a proper Interface IP, that's a network address.
-
@viragomann Here you go.
-
@fatman032
All right. So I cannot tell you, why you run into these out-of-state blocks on LAN:
Since the source port is 80 and the flag is SA, these are definitely respond packets SYN packets. And presumably pfSense did never see the respective SYN packets.
Okay, do you connect your VPN clients from inside your LAN?
-
@viragomann no I have been using my cell as a hotspot.
-
@fatman032 said in New OpenVPN server, can connect but can't get to LAN subnet.:
no I have been using my cell as a hotspot.
Also cut all internal connections?
Need to see the clients routing table to get closer.
-
Also cut all internal connections?
Yes, I turn off the Wi-Fi.
Need to see the clients routing table to get closer.
-
@fatman032
Looks well.Ensure that also your cell phone has no internal connection at the time you test the VPN via the hotspot.
I'm sure, there must be something wrong in your setup. You have obviously an asymmetric routing issue on the VPN.
For further investigation I can only suggest to sniff the traffic on all involved interface while you try to access the LAN from the VPN client.
I guess, the SYN packets don't come in on the VPN interface. -
Well after hours of trying different things. I think I might have found the fix. I have no idea if this was the fix because of the number of things I was trying at the end but this makes since to me. I didn't have these boxes checked and when pfSense made the gateways it didn't check the boxes automatically.
