Netgate Discussion Forum

    VLANs and VPN

natethegreat21

Hey guys! So I have been having some issues trying to get my VLANs to stop talking to each other, as well as trying to allow my VPN connection access to servers on VLANs, but I don't seem to be getting anywhere. As a side note, the IP of my connection on the VPN is 192.168.170.2, and the rules are the same for the other VLANs! Please see the firewall rules attached. I'm not an expert with pfSense, so please be patient. Thank you!

[Attached screenshots of the firewall rules: Rule 1.PNG, Rule 2.PNG, Rule 3.PNG, Rule 4.PNG]

rcoleman-netgate (Netgate) @natethegreat21

        @natethegreat21 how are you validating the traffic is clearing? Is it a ping? What's the source? Best bet is to find one spot, make it stop working, and then work from there (by duplicating/expanding rules).

        Rules are also run from top to bottom.

Personally I would avoid Floating rules unless you absolutely have to have them. They wreak havoc on systems.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

natethegreat21 @rcoleman-netgate

@rcoleman-netgate I am trying to RDP and ping the servers/VMs from a hotspot, and I tried at my office, but no luck. I will disable the floating rules and see if that helps.

rcoleman-netgate (Netgate) @natethegreat21

            @natethegreat21 Check packet captures, too, Windows Firewall is a royal PITB at times. I've seen networks from VPNs get rejected because they're not part of the local LAN.


natethegreat21 @rcoleman-netgate

@rcoleman-netgate I will take a packet capture. Do you think I need to allow the OpenVPN port in Windows Firewall?

rcoleman-netgate (Netgate) @natethegreat21

                @natethegreat21 No, just run the test without changing Windows. Verify the traffic is going in the OVPN interface, then out the proper internal interface on the pfSense. If it is exiting the pfSense on the internal interface the issue is not related to pfSense.


Jarhead @natethegreat21

                  @natethegreat21
                  Just to add, all the rules with the vpn network as source are useless. That network will never be a source on your LAN, WAN, or any other VLAN.

natethegreat21 @Jarhead

@jarhead Thank you for the heads up. What's the best way to allow my VPN connection to have access to all VLANs?

rcoleman-netgate (Netgate) @natethegreat21

                      @natethegreat21 Your VPN should have the networks all declared (local networks in OVPN, P2s in IPsec).

Then you need to grant access on each interface for the VPN network.


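To make the advice in this thread concrete (rules are evaluated top to bottom per interface, a rule on a VLAN interface with the VPN network as its source can never match, and VPN clients need a pass rule bound to the OpenVPN interface for each internal network), here is a small added model of pfSense's first-match evaluation. This is illustration code, not pfSense's or Netgate's own; the interface names and the 192.168.10.0/24 and 192.168.20.0/24 VLAN networks are constructed assumptions, while 192.168.170.0/24 is the tunnel network the poster mentions.

```python
from ipaddress import ip_address, ip_network

# Directly attached network per interface (constructed to resemble the thread's layout;
# the VLAN subnets are assumptions, 192.168.170.0/24 is the poster's OpenVPN tunnel net).
IFACE_NET = {
    "OpenVPN": ip_network("192.168.170.0/24"),
    "VLAN10":  ip_network("192.168.10.0/24"),
    "VLAN20":  ip_network("192.168.20.0/24"),
}
ANY = ip_network("0.0.0.0/0")

# (bound interface, action, source net, destination net), in the order pfSense walks them.
RULES = [
    ("VLAN10",  "pass",  IFACE_NET["OpenVPN"], ANY),                  # dead: VPN net never enters via VLAN10
    ("VLAN10",  "block", IFACE_NET["VLAN10"],  IFACE_NET["VLAN20"]),  # inter-VLAN isolation must sit above...
    ("VLAN10",  "pass",  IFACE_NET["VLAN10"],  ANY),                  # ...the broad pass, or it never fires
    ("OpenVPN", "pass",  IFACE_NET["OpenVPN"], IFACE_NET["VLAN10"]),  # grant the VPN net access per internal net
]

def evaluate(ingress_if, src, dst):
    """First matching rule on the interface the packet enters wins; no match is the default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for iface, action, src_net, dst_net in RULES:
        if iface == ingress_if and src in src_net and dst in dst_net:
            return action
    return "block"

def dead_rules():
    """Rules whose source network cannot appear on the interface they are bound to."""
    return [r for r in RULES if not r[2].overlaps(IFACE_NET[r[0]])]

if __name__ == "__main__":
    print(evaluate("OpenVPN", "192.168.170.2", "192.168.10.5"))  # pass
    print(evaluate("OpenVPN", "192.168.170.2", "192.168.20.5"))  # block: no OpenVPN rule covers VLAN20
    print(evaluate("VLAN10", "192.168.10.7", "192.168.20.5"))    # block: isolation rule matched first
    print(evaluate("VLAN10", "192.168.10.7", "203.0.113.9"))     # pass
    print(dead_rules())                                           # the useless VLAN10 rule
```

Because pfSense is stateful, only the initiating direction needs a rule; the reply traffic from the VLAN server back to the VPN client rides the state entry, which is why a VPN-sourced rule on the VLAN interface has nothing to match.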
natethegreat21 @rcoleman-netgate

@rcoleman-netgate Okay, so I found the issue: Snort was blocking the IP I'm using for port scanning.

natethegreat21 @rcoleman-netgate

@rcoleman-netgate I found from the logs that it thought I was a bot scanning the network. I really appreciate all the help you guys have given, thank you so much!
