Netgate Discussion Forum

    Allow OpenVPN Server to access Pfsense Subnets

    • Owen82

      Hi All,

      I have a pfsense openvpn client connection to a VPS running an openvpn server. Everything is working well - I can access SSH on the VPS through the openvpn connection from my local subnets.

      But I would like the VPS to access the local subnets. How can I do that?

      I have a firewall rule on the LAN interface that allows any traffic from the OpenVPN server network. Do I need a NAT rule also?

      Any help appreciated! :)

      • rcoleman-netgate Netgate @Owen82

        @owen82 Two things are needed:

        1. The local networks need to exist on the remote OVPN server as remote networks and
        2. The OpenVPN interface needs to allow passing of the traffic.

        Have you tested it?
        Did you see anything in your Firewall logs? https://docs.netgate.com/pfsense/en/latest/monitoring/logs/firewall.html

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        • Owen82 @rcoleman-netgate

          @rcoleman-netgate thank you and sorry for the slow reply - I see that the auto-added OVPN ANY/ANY rule is there (and passing a bit of traffic).

          I also added a static route on the VPS for 192.168.0.0 255.255.255.0 (LAN Net) via 10.8.0.1 (VPS OVPN Int), but still no dice.

          I do not see anything in the firewall logs for 10.8.0.1 or 10.8.0.2.

          • viragomann @Owen82

            @owen82 said in Allow OpenVPN Server to access Pfsense Subnets:

            I also added a static route on the VPS for 192.168.0.0 255.255.255.0 (LAN Net) via 10.8.0.1 (VPS OVPN Int),

            That's the server's IP. You have to point it to the client, which might have 10.8.0.2.
            However, this should better be done in OpenVPN with the Route Option. Consider that this requires a /30 tunnel network, otherwise you need a host override with iroute.

            • Owen82 @viragomann

              @viragomann It's working!

              I had tried the static route on the VPN to the client side IP but it wasn't working, so I tried the server side. I ended up deleting the static route I made and going with your recommendation of letting OVPN do that. The pfsense client was already set to the /30 network.

              For anyone else in a similar scenario, read this: OpenVPN: Including multiple machines on the client side when using a routed VPN (dev tun).

              And I missed an "i" on the "iroute 192.168.0.0 255.255.255.0" in the client file in the CCD folder on the server. #Facepalm.

              Big thank you to @viragomann and @rcoleman-netgate ! 👍

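The route/iroute pairing this thread ends on, as an added example that is not from any of the posters: a Python check that every client-LAN `route` in the server config has a matching `iroute` in a CCD file, and that flags a CCD line written as `route` instead of `iroute`. The config text is constructed, and the client name `pfsense-client` and the function names are assumptions.

```python
import ipaddress

def networks(text, directive):
    """Networks named by `<directive> <network> [netmask]` lines in OpenVPN config text."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] != directive:
            continue
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        try:
            found.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        except ValueError:
            pass  # hostname or keyword target; out of scope for this check
    return found

def check_client_lan_routing(server_conf, ccd_files):
    """ccd_files maps client common name -> CCD file text. Returns a list of findings."""
    findings = []
    if not any(l.split()[:1] == ["client-config-dir"] for l in server_conf.splitlines()):
        findings.append("server config has no client-config-dir, so CCD files are not read")
    routes = networks(server_conf, "route")
    iroutes = set()
    for cn, text in sorted(ccd_files.items()):
        # iroute is the per-client directive; a plain route here is the missing-"i" typo
        for net in sorted(networks(text, "route"), key=str):
            findings.append(f"{cn}: 'route {net}' in CCD file, did you mean 'iroute'?")
        for net in sorted(networks(text, "iroute"), key=str):
            iroutes.add(net)
            if net not in routes:
                findings.append(f"{cn}: iroute {net} has no matching 'route' in server config")
    for net in sorted(routes - iroutes, key=str):
        findings.append(f"route {net}: no client iroute (needed unless the tunnel is a /30)")
    return findings

# Constructed sample input: server config plus a broken and a fixed CCD file.
SERVER_CONF = """
dev tun
client-config-dir ccd
route 192.168.0.0 255.255.255.0   # LAN behind the pfsense client
"""
CCD_BROKEN = {"pfsense-client": "route 192.168.0.0 255.255.255.0\n"}
CCD_FIXED = {"pfsense-client": "iroute 192.168.0.0 255.255.255.0\n"}

if __name__ == "__main__":
    for label, ccd in (("broken", CCD_BROKEN), ("fixed", CCD_FIXED)):
        print(label, check_client_lan_routing(SERVER_CONF, ccd) or "OK")
```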
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.