VPN to my home network without access to all resources
-
First time poster, not very proficient in pfsense.
I made a mistake and went on vacation. I have an ordinary 10.0.1.0 network at home and I set up a VPN tunnel home so that I can access my resources in my network which I did on 10.0.2.0. What happened is that my Raspberry Pi that's set up on 10.0.1.15 for instance is not reachable from 10.0.2.0 network.
I see two solutions to doing this from remote.
Solution 1: Somehow ssh into the pfsense gateway and from there ssh into the raspberry pi and open up so that I can connect from my computer through VPN.
Solution 2: If it's even possible, set the VPN to use IP-numbers in the 10.0.1.0 range which of course potentially risks locking myself out completely for the duration of my vacation.
Solution 3: which I just thought of, opening up the webserver on my raspberry pi from the outside through port forwarding, but it might still not be possible, I don't know.
Solution 4: Completely disregard any of this and just enjoy my vacation
Any other ideas?
-
@philipt What VPN software are you using?
-
Oh sorry, I'm on:
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
running OpenVPN
My client is on the Linux Mint OS with the built-in OpenVPN.
Edit: Solution 3 was possible, but it feels pretty insecure doing so. I disabled it again, it's a last resort thing.
-
@philipt If you're not routing 2.x through the OVPN connection you can't do #3. If you have SSH enabled on the pfSense you can do that. If you have HTTPS access to the pfSense you can change your local network settings on the OVPNS and add the second network to it, then save/apply reboot.
I would, just in case, open up 443 to the world while you do these changes in case you brick yourself out of the VPN.
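The reply above suggests adding the home LAN to the OpenVPN server's local networks. The following is an added example, not part of the thread or of pfSense: it checks a server config for a route that would carry a client to 10.0.1.15. The config text is constructed, the /24 masks are assumed, and it is assumed that pfSense writes each local network into the generated config as a `push "route ..."` line.

```python
import ipaddress
import re

# Constructed sample server config (not from the thread); /24 masks are assumed.
BEFORE = 'dev tun\nserver 10.0.2.0 255.255.255.0\n'
# Same config after the home LAN has been added as a local network.
AFTER = BEFORE + 'push "route 10.0.1.0 255.255.255.0"\n'

SERVER_RE = re.compile(r'^server\s+(\S+)\s+(\S+)')
ROUTE_RE = re.compile(r'^push\s+"route\s+(\S+)\s+([0-9.]+)')
REDIRECT_RE = re.compile(r'^push\s+"redirect-gateway\b')


def routed_networks(conf_text):
    """Return (label, network) pairs that a client will send through the tunnel."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or OpenVPN comment
        if REDIRECT_RE.match(line):
            # All client traffic is sent through the VPN.
            found.append(("redirect-gateway", ipaddress.ip_network("0.0.0.0/0")))
            continue
        for label, rx in (("tunnel", SERVER_RE), ("pushed route", ROUTE_RE)):
            m = rx.match(line)
            if m:
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
                found.append((label, net))
    return found


def why_reachable(conf_text, host):
    """Return the first entry that covers host, or None if nothing routes it."""
    addr = ipaddress.ip_address(host)
    for label, net in routed_networks(conf_text):
        if addr in net:
            return f"{label} {net}"
    return None


if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", why_reachable(conf, "10.0.1.15"))
```

A pushed route only gets the packets into the tunnel; the firewall rules on the OpenVPN interface still have to allow traffic to the LAN host.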
-
@rcoleman-netgate I'm sorry, I'm not proficient enough to understand all of that.
I did try port forwarding to the webserver on the Raspberry Pi that's on the 1.x network and it worked. Although I'm not feeling safe exposing it like that. It's password protected with the old-school popup username/password. I don't remember which process I used but it's very basic.
I don't have SSH enabled on the pfSense. I did try to read about it before posting my question here but again, I'm not proficient enough because it kept asking me for "Alternate hostname is not a valid hostname." which I don't know what it is for. It only has the IP-number of the pfSense machine 10.0.1.1
@rcoleman-netgate said in VPN to my home network without access to all resources:
If you're not routing 2.x through the OVPN connection you can't do #3. If you have SSH enabled on the pfSense you can do that.
I wouldn't be able to tell you if I am, I just followed a guide on IIRC the official wiki.
I'm not really using pfSense because of all the features which are extensive, I'm using it to feel more secure than on a consumer router, I have the most basic settings.
This seems to be too much to understand to make it work so I thank you for your time.
-
@philipt said in VPN to my home network without access to all resources:
I wouldn't be able to tell you if I am, I just followed a guide on IIRC the official wiki.
Typically people post screenshots of their configs with public IPs and keys/password redacted.
I suggest you want to do that at this point so we can point you in the right direction.
As for opening a port -- I wasn't suggesting opening a port to the Pi, but to the pfSense so that if you lock yourself out of the VPN you can still make changes until it is running how you want it. After that you turn off the firewall rule that allows remote access.