Can't access pfSense LAN and GUI over VPN if connected to another VPN beforehand
-
I hope I can describe the situation well enough.
No access to local resources of a pfSense = no ping to any IP in the range, including the gateway, which is on the pfSense. Each firewall is in a different location, on different networks.
Me (Ubuntu desktop) ---> office with (1) pfSense w/ OpenVPN server; all my traffic passes through it. Then I connect to a second (2) pfSense w/ OpenVPN server in order to access some private IPs.
As soon as I VPN to (2), I lose web GUI access to the WAN IP and I can't access the local network of (2). If I do not connect to (1) but connect straight to (2), all works well.
If I am physically in the office, I have no issue connecting to (2) - not connecting to (1), since I am on the network physically. I had a similar issue with another 2 locations: the GUI was accessible, the LAN not. In both cases I had whitelisting enabled for the VPN rule on the WAN interface. I allowed all IPs and it worked fine. Weirdly, the whitelist had the office (1) pfSense IP included.
I have several other pfSenses that I access in the same manner and do not have issues.
The only notable differences between (2) pfSense and the rest are that it has the oldest version in the group - 2.3.2 - and is a VM on a XEN server.
Any pointers on what to look for?
-
@someusername
I suspect the VPN servers (or the client itself) set overlapping routes on the client.
So check the routing table for each connection separately. If you get the routes from the server, possibly set one connection to not pull them and add the needed routes by hand on the client.
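One way to do that routing-table check on the Ubuntu client, as an added example that is not from this thread: feed the output of `ip route` to a short script that lists prefixes present on more than one interface and shows, by longest-prefix match, which tunnel a given destination would actually use. The sample routes, tunnel names (`tun0` for (1), `tun1` for (2)) and addresses are constructed assumptions; the `0.0.0.0/1` and `128.0.0.0/1` pair is what OpenVPN installs when a server pushes `redirect-gateway def1`.

```python
import ipaddress
import re

# Constructed sample of `ip route` output on an Ubuntu client with both
# OpenVPN tunnels up (tun0 = office (1), tun1 = remote (2)). Interface
# names, addresses and prefixes are assumptions for illustration only.
SAMPLE_ROUTES = """\
default via 192.168.0.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.9.0.0/24 dev tun1 proto kernel scope link src 10.9.0.2
192.168.1.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 via 10.9.0.1 dev tun1
192.168.50.0/24 via 10.9.0.1 dev tun1
"""

ROUTE_RE = re.compile(r"^(?P<dst>\S+)(?: via (?P<gw>\S+))? dev (?P<dev>\S+)")

def parse_routes(text):
    """Turn `ip route` lines into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            dst = "0.0.0.0/0" if m.group("dst") == "default" else m.group("dst")
            routes.append((ipaddress.ip_network(dst, strict=False),
                           m.group("gw"), m.group("dev")))
    return routes

def duplicate_prefixes(routes):
    """Prefixes that exist on more than one interface: the overlap case."""
    devs_by_net = {}
    for net, _gw, dev in routes:
        devs_by_net.setdefault(net, set()).add(dev)
    return {str(n): sorted(d) for n, d in devs_by_net.items() if len(d) > 1}

def lookup(routes, ip):
    """Longest-prefix match for one destination -> (device, ambiguous); ambiguous
    means routes on different interfaces tie, so the kernel picks by metric/order."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return (None, False)
    longest = max(r[0].prefixlen for r in matches)
    winners = [r for r in matches if r[0].prefixlen == longest]
    return (winners[0][2], len({r[2] for r in winners}) > 1)
```

Replace `SAMPLE_ROUTES` with the real `ip route` output captured once with only (1) up and once with both tunnels up; a destination that comes back ambiguous, or that resolves to the wrong tunnel, is the route to add by hand.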
-
@viragomann Hello again :)
Thank you for the input. I was wondering about a missing route, but did not think about overlap.
I will try your suggestion next week and update.
-
@someusername
If you were missing routes, you could not access the remote devices, even with a single connection. A member wrote here that his Ubuntu client changes the default route and points it to the server, even if the server is not set to push "redirect gateway". But possibly one of your servers is.
With a former version of NetworkManager I experienced this as well, but I'm not on Ubuntu.