Netgate Discussion Forum

Access to LAN behind pF OpenVPN CLIENT

    viragomann @dbadovsky
    last edited by May 9, 2023, 3:06 PM

    @dbadovsky said in Access to LAN behind pF OpenVPN CLIENT:

    I installed OpenVPN server on a VPS.

    Which OS? Also pfSense?

      dbadovsky @viragomann
      last edited by May 9, 2023, 3:15 PM

      @viragomann No, Debian. Installed with angristan script

        viragomann @dbadovsky
        last edited by May 9, 2023, 3:31 PM

        @dbadovsky
        This installs only an OpenVPN server on the machine. But you need a P2P to your home.
        Either install a separate OpenVPN instance for this or you have to add a client specific override (client config dir/file) with the iroute command.

        The iroute on the home pfSense is pretty useless. This command is meant to be used on a server.

          dbadovsky @viragomann
          last edited by dbadovsky May 9, 2023, 3:40 PM May 9, 2023, 3:36 PM

          @viragomann Does the server read the client config after it is created? I added iroute in pF's client config on the server, nothing changed.
          This OpenVPN server is just for this purpose. I installed it with the script to simplify the installation process and changed the config after that.

            viragomann @dbadovsky
            last edited by May 9, 2023, 3:41 PM

            @dbadovsky said in Access to LAN behind pF OpenVPN CLIENT:

            Does the server read client config after created?

            If you state it with the client-config-dir directive, it does.

            Added iroute in pF's client config on the server, nothing changed.

            iroute is not supposed to be used in the server config. The server needs to know the proper client to assign it to.

            Look into the OpenVPN docs for help and details. I'm not as familiar with that stuff.

              dbadovsky @viragomann
              last edited by May 9, 2023, 4:21 PM

              @viragomann I added a client config with an "iroute" line to the server's ccd dir but nothing changed.
              Of course I read the OpenVPN docs, that's why I supposed I had to add the "iroute" line to pF's ovpn config.

                viragomann @dbadovsky
                last edited by May 9, 2023, 4:31 PM

                @dbadovsky
                In the server config replace

                route 192.168.11.0 255.255.255.0 10.9.0.4
                

                with

                route 192.168.11.0 255.255.255.0
                

                And check the server log for a hint that the client file is applied.

                  dbadovsky @viragomann
                  last edited by dbadovsky May 9, 2023, 4:44 PM May 9, 2023, 4:40 PM

                  @viragomann

                  @viragomann said in Access to LAN behind pF OpenVPN CLIENT:

                  hint that the client file is applied

                  How can I check it? I only see client connected, IP and port, timers...

                  I see the client's name; it seems there is nowhere to know it from other than the client's config file on the server. Right?

                    viragomann @dbadovsky
                    last edited by May 9, 2023, 4:45 PM

                    @dbadovsky
                    In the OpenVPN log in /var/log/openvpn.log or wherever.

                      dbadovsky @viragomann
                      last edited by May 9, 2023, 4:58 PM

                      @viragomann Exactly there. status.log. How can I check for the hint that the client file is applied?

                      Now I tried to delete the client config from ccd and it connects. So it seems like the server doesn't care about ccd.

                        viragomann @dbadovsky
                        last edited by May 9, 2023, 5:02 PM

                        @dbadovsky
                        The client file is not required for connecting, it's just for the routing.

                        In the openvpn.log you should see if the iroute is applied, when the client connects.

                          dbadovsky @viragomann
                          last edited by May 9, 2023, 5:09 PM

                          @viragomann Well, it seems like iroute is not applied, can't see something specific to that.
                          Tried to ping server from the LAN, it does. So the problem is in openvpn routing exactly. Server doesn't know where to find 11.0/24 in spite of route in OS.

                            dbadovsky @viragomann
                            last edited by May 9, 2023, 5:23 PM

                            @viragomann SOLVED!!!
                            The "iroute" line should NOT be in the .ovpn file. I created a same-name extensionless file and now I have the route in the log and I can see the LAN. Thank you!

                              viragomann @dbadovsky
                              last edited by May 9, 2023, 5:26 PM

                              @dbadovsky
                              Yeah, it has to be in the client specific file, mentioned above.

                              Nice that you got it sorted.

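
The checks this thread works through, collected as an added example that is not code from either poster or from OpenVPN: a small Python checker that verifies the server config has `client-config-dir`, that the ccd file is named exactly after the client (no extension), and that each `iroute` has a matching gateway-less `route`. The common name `pfsense-home`, the ccd path and the tunnel network are assumptions; the directive parsing is simplified.

```python
import ipaddress

def directives(text):
    """Yield (keyword, args) per directive; '#' and ';' start comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            keyword, *args = line.split()
            yield keyword, args

def net(addr, mask="255.255.255.255"):
    # route/iroute default to a host mask when the netmask is omitted
    return ipaddress.ip_network(f"{addr}/{mask}")

def check_ccd(server_conf, ccd_files, common_name):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    conf = list(directives(server_conf))
    if not any(kw == "client-config-dir" for kw, _ in conf):
        problems.append("server config has no client-config-dir directive")
    # network -> trailing args (a gateway, if one was given)
    routes = {net(*a[:2]): a[2:] for kw, a in conf if kw == "route" and a}
    if common_name not in ccd_files:
        near = [f for f in ccd_files if f.rsplit(".", 1)[0] == common_name]
        hint = f" (found {near[0]!r}; the name must have no extension)" if near else ""
        problems.append(f"no ccd file named exactly {common_name!r}{hint}")
        return problems
    iroutes = [net(*a[:2]) for kw, a in directives(ccd_files[common_name])
               if kw == "iroute" and a]
    if not iroutes:
        problems.append("ccd file has no iroute line")
    for n in iroutes:
        if n not in routes:
            problems.append(f"iroute {n} has no matching route in the server config")
        elif routes[n]:
            problems.append(f"route {n} still names gateway {routes[n][0]}")
    return problems

# Constructed sample input: the subnet and gateway are the ones quoted in the
# thread; the tunnel network, ccd path and common name are assumptions.
BEFORE = ("server 10.9.0.0 255.255.255.0\nclient-config-dir /etc/openvpn/ccd\n"
          "route 192.168.11.0 255.255.255.0 10.9.0.4\n")
AFTER = BEFORE.replace(" 10.9.0.4", "")
IROUTE = "iroute 192.168.11.0 255.255.255.0\n"

if __name__ == "__main__":
    print(check_ccd(BEFORE, {"pfsense-home.ovpn": IROUTE}, "pfsense-home"))
    print(check_ccd(AFTER, {"pfsense-home": IROUTE}, "pfsense-home"))
```
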