Issues with Subnet behind UDM Pro
- 
 @misinthe 
 In addition to proper firewall rules on both devices, you need static routes on pfSense for the networks behind the UDM pointing to its WAN IP. Also consider allowing access from the VPN subnet on the destination server's firewall, if it is running one.
- 
 @viragomann 
 Thank you for your suggestion. It's taken me a couple of days to test all this; this is what I have so far, and it is still not working.
  Gateways
  Static Routing 
  LAN Rules 
  OpenVPN Rules 
  
- 
 @misinthe 
 As I mentioned, network devices may probably block access from outside their subnet. That is the default behavior. To investigate, use the Ping tool on pfSense in the Diagnostics menu to ping a device behind the UDM. Try a ping with default settings, then change the source to OpenVPN and try again.
- 
 @viragomann said in Issues with Subnet behind UDM Pro:
   network devices may probably block access from outside their subnet.
 It is possible, but even so in your firewall rule you have nothing so I understand that this rule is not even running. On the other hand @Misinthe shows his openvpn configuration, this would help a lot.
- 
 @silence said in Issues with Subnet behind UDM Pro:
   but even so in your firewall rule you have nothing so I understand that this rule is not even running.
 So you say, allowing anything from any to any is not sufficient?
 What are you missing?
 @Misinthe
 BTW: You should modify the block DNS rule on LAN and change the protocol to TCP/UDP. DNS may possibly fall back to TCP.
- 
 @viragomann said in Issues with Subnet behind UDM Pro:
   What are you missing?
 I mean these rules are all 0 / 0!
- 
 @silence 
 Ahh, but we're talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
- 
 @viragomann said in Issues with Subnet behind UDM Pro:
   Ahh, but we're talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
 These rules point to IP as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @viragomann said in Issues with Subnet behind UDM Pro:
     network devices may probably block access from outside their subnet.
   It is possible, but even so in your firewall rule you have nothing so I understand that this rule is not even running. On the other hand @Misinthe shows his openvpn configuration, this would help a lot.
 Thank you, I modified it.
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @viragomann said in Issues with Subnet behind UDM Pro:
     Ahh, but we're talking here about an issue of accessing the network behind the UDM from an OpenVPN client, which is connected to pfSense. So these rules are not relevant here.
   These rules point to IP as 10.20.50.0, it seems to me that they were confused, this must be placed in the configuration of their openvpn.
 So those rules are not really being used right now because I haven't finished setting my Webhost up. Only the OpenVPN points to 10.20.50.0, which is what I'm trying to make work, the other uses 10.30.0.50, which is a VM's IP on my DMZ host.
- 
 @misinthe said in Issues with Subnet behind UDM Pro:
   Thank you, I modified it.
 Do not forget to like the comment, which helped you solve your problem. Thank you
- 
 So, here are the results.
  Default to Google
  Default to Lan Server 
  OpenVPN to Google 
  OpenVPN to Lan Server 
  
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @misinthe said in Issues with Subnet behind UDM Pro:
     Thank you, I modified it.
   Do not forget to like the comment, which helped you solve your problem. Thank you
 It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
- 
 @misinthe said in Issues with Subnet behind UDM Pro:
   It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
 Excellent, now we can go step by step: this server 10.10.0.5, what is it? And can you reach 8.8.8.8 from it?
- 
 @Misinthe does your LAN server know how to get back to pfSense?
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @misinthe said in Issues with Subnet behind UDM Pro:
     It didn't fix my issue, I just modified the rule in the DNS rule like you suggested.
   Excellent, now we can go step by step: this server 10.10.0.5, what is it? And can you reach 8.8.8.8 from it?
 This is my media server, Emby/Plex. And yes, everything on my 10.10.0.0/24 network can reach out to the internet, that's my home's main LAN.
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @Misinthe does your LAN server know how to get back to pfSense?
 What do you mean? All my networks use pfSense as DNS server, so pfBlockerNG can do its thing. I'm starting to believe the UDMP might be the one blocking.
- 
 @misinthe publish your openvpn configuration. 
- 
 @silence said in Issues with Subnet behind UDM Pro:
   @misinthe publish your openvpn configuration.
 Here you go
- 
 @misinthe said in Issues with Subnet behind UDM Pro:
   So, here are the results.
 So as you see, you don't get a response from the server, even if the static route points to the UDM. So next step is to sniff the traffic on the UDM on both WAN and LAN side, while you send pings from pfSense. Or maybe you can sniff the packets on the destination server itself. Remember what I said about the operating system firewall beginning with my first post here.
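
An added example, not part of the original thread: a small model of the checkpoints the replies name (static route on pfSense, firewall on the UDM, firewall on the destination server, return route), run for the two pings suggested above to show how their results localize the drop. Only 10.10.0.5, 10.10.0.0/24 and 10.20.50.0 come from the thread; the transit addresses 192.168.1.1 and 192.168.1.2, the /24 mask on the tunnel network, the absence of NAT on the UDM, the placement of 10.10.0.5 behind the UDM and every rule set are constructed assumptions.

```python
import ipaddress as ipa

def next_hop(routes, dst):
    """Longest-prefix match over {cidr: next_hop}; None when nothing matches."""
    hits = [(ipa.ip_network(net), hop) for net, hop in routes.items()
            if ipa.ip_address(dst) in ipa.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def allowed(nets, src):
    """True when src falls inside any network a firewall rule passes."""
    return any(ipa.ip_address(src) in ipa.ip_network(n) for n in nets)

def trace_ping(src, dst, cfg):
    """Name the first hop that stops the echo request or its reply."""
    if next_hop(cfg["pfsense_routes"], dst) != cfg["udm_wan"]:
        return "pfSense: no static route via the UDM WAN IP"
    if not allowed(cfg["udm_wan_in_allow"], src):
        return "UDM: WAN-side firewall drops this source"
    if not allowed(cfg["host_fw_allow"], src):
        return "server: host firewall drops this source"
    if next_hop(cfg["udm_routes"], src) != cfg["pfsense_transit"]:
        return "UDM: no return route to this source"
    return "reply received"

def diagnose(cfg, dst="10.10.0.5"):
    """Run both pings from the thread: default source, then OpenVPN source."""
    sources = {"default": cfg["pfsense_transit"], "openvpn": cfg["openvpn_src"]}
    return {name: trace_ping(src, dst, cfg) for name, src in sources.items()}

# Constructed configuration (assumptions, not taken from the thread's screenshots).
CFG = {
    "pfsense_transit": "192.168.1.1",   # pfSense interface facing the UDM
    "udm_wan": "192.168.1.2",           # UDM WAN IP, target of the static route
    "openvpn_src": "10.20.50.1",        # pfSense address in the OpenVPN tunnel net
    "pfsense_routes": {"0.0.0.0/0": "isp", "10.10.0.0/24": "192.168.1.2"},
    "udm_wan_in_allow": ["192.168.1.0/24", "10.20.50.0/24"],
    "udm_routes": {"0.0.0.0/0": "192.168.1.1"},
    "host_fw_allow": ["10.10.0.0/24"],  # host firewall default: own subnet only
}

if __name__ == "__main__":
    for name, verdict in diagnose(CFG).items():
        print(f"{name:8} -> {verdict}")
```

When both sources fail at the same point, as in this constructed case, the routing and UDM rules are not the cause and a packet capture on the UDM or the server confirms where the request stops.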