Newly added physical NIC cannot access OpenVPN networks created before
-
Hi everyone,
First of all, I want to thank this open-source project with advanced firewall features and a web UI.
I've been using pfSense for about two years, and when I face problems I try to solve them by searching the forums and the internet. But now I'm facing a problem that I cannot find any solution or discussion about, and want to see whether anybody can help.
I configured a virtual machine on Proxmox in my homelab and installed pfSense on it with two NICs. One of them is for WAN with a static IP address and the other one is for LAN. Then I configured an OpenVPN server in peer-to-peer shared key mode and connected my workplace pfSense as a client, to access the workplace network from home and the home network from the workplace. Everything worked perfectly fine until I added a new Linux bridge in Proxmox and attached it to the pfSense VM as a third physical network. I assigned it as an interface and enabled it, set a static IP, then allowed all IPv4 traffic in the firewall rules. The problem is that I cannot access my workplace network from the newly created network (third NIC). After several hours of trial and error I decided to create a new OpenVPN server and client in my workplace, and had no problem with the new OpenVPN server. Then I deleted the old OpenVPN server interface and created it again just like the VPN server that works fine, but it didn't help. The question is: why does the OpenVPN server created after adding the new NIC work fine, but the OpenVPN servers created before do not work with the new NIC's network, even after deleting and recreating them?
Any help?
Thanks. -
@Farh
Did you add the new subnet to the "Remote networks" on the work pfSense?
Or even to the "Local networks" on the server if the client accepts pushed routes? -
@viragomann
Thanks for your reply.
Actually, I don't want to access this network from work; I only need to access work from this network, so no, I did not.
As it is in "Peer to Peer" mode on pfSense 2.6.0, there is no option for "Local networks" in this mode. I think it is for "Remote Access" mode.
Besides, I created a new test server and client with exactly the same options and only different IPs, and it works perfectly fine from LAN and the new OPT network, and the routing table looks exactly the same for both networks. -
@Farh said in Newly added physical NIC cannot access OpenVPN networks created before:
Actually, I don't want to access this network from work; I only need to access work from this network, so no, I did not.
The route is needed for either direction of access.
You can control the access by firewall rules then. -
@viragomann
Thank you very much for the help. IT WORKS.
I can guess why it is required. I think it's because the source address does not change while establishing the connection, and the destination should know the route to answer; otherwise the packets will be lost.
But I'm a little confused why the other one works without it?
Any suggestion? -
@Farh
To get an idea what the reason for this is, I would have to know your subnets and OpenVPN settings. Basically, in a site-to-site VPN you need to have the respective remote networks stated in the "Remote networks" field on both nodes, either each particular one or a wide one that includes all subnets, as long as you do not masquerade the traffic with an outbound NAT rule.
To investigate you can check out Diagnostics > Routes. You should see the remote subnets pointing to the virtual IP of the remote endpoint.
-
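The two replies above make the point that the route to the new OPT subnet has to exist on the work side even though only home-to-work access is wanted, because the work host's reply is routed by the work pfSense. The following Python is an added illustration, not part of this thread and not pfSense code: it simulates both routing tables with a longest-prefix-match lookup and checks the round trip. All subnets, tunnel addresses and WAN gateways are constructed for the example (RFC 1918 and TEST-NET ranges), and the "remote networks" lists stand in for the "Remote networks" field on each node.

```python
import ipaddress

# Constructed topology for the example (not taken from the thread).
HOME_LAN = "192.168.1.0/24"
HOME_OPT = "192.168.2.0/24"      # subnet on the newly added third NIC
WORK_LAN = "10.10.0.0/24"
TUNNEL = "10.8.0.0/24"           # OpenVPN tunnel network
HOME_VPN_IP, WORK_VPN_IP = "10.8.0.1", "10.8.0.2"
HOME_WAN_GW, WORK_WAN_GW = "198.51.100.1", "203.0.113.1"


def build_routes(local_nets, remote_nets, peer_vpn_ip, wan_gw):
    """Routing table for one pfSense node as (network, next hop) pairs.

    Directly connected subnets (local interfaces and the tunnel) use the
    marker "link"; the subnets listed as "remote networks" point to the
    peer's tunnel IP, as OpenVPN installs them; everything else falls to
    the WAN default gateway.
    """
    table = [(ipaddress.ip_network("0.0.0.0/0"), wan_gw)]
    table += [(ipaddress.ip_network(n), "link") for n in local_nets + [TUNNEL]]
    table += [(ipaddress.ip_network(n), peer_vpn_ip) for n in remote_nets]
    return table


def lookup(table, dst):
    """Longest-prefix match; a directly connected destination is its own next hop."""
    dst = ipaddress.ip_address(dst)
    net, gw = max(((n, g) for n, g in table if dst in n), key=lambda r: r[0].prefixlen)
    return gw if gw != "link" else str(dst)


def round_trip(home_table, work_table, src, dst, nat_src=None):
    """Forward a packet home -> work and route the reply work -> home.

    nat_src models an outbound NAT rule on the tunnel interface that rewrites
    the source to the home tunnel IP, so the work side never sees the OPT
    subnet and needs no route for it.
    Returns "ok" when both directions stay inside the tunnel, otherwise a
    message naming the hop the packet escaped to.
    """
    fwd_hop = lookup(home_table, dst)
    if fwd_hop != WORK_VPN_IP:
        return f"forward path leaves via {fwd_hop} (not the tunnel)"
    reply_hop = lookup(work_table, nat_src or src)
    if reply_hop != HOME_VPN_IP:
        return f"reply leaves via {reply_hop} (not the tunnel)"
    return "ok"


def scenarios():
    """Reproduce the thread: LAN works, new OPT fails, adding the route fixes it."""
    home = build_routes([HOME_LAN, HOME_OPT], [WORK_LAN], WORK_VPN_IP, HOME_WAN_GW)
    # Work side before the fix only knows the original home LAN.
    work_before = build_routes([WORK_LAN], [HOME_LAN], HOME_VPN_IP, WORK_WAN_GW)
    # Work side after adding the OPT subnet to its "remote networks".
    work_after = build_routes([WORK_LAN], [HOME_LAN, HOME_OPT], HOME_VPN_IP, WORK_WAN_GW)
    return {
        "lan_before": round_trip(home, work_before, "192.168.1.10", "10.10.0.5"),
        "opt_before": round_trip(home, work_before, "192.168.2.10", "10.10.0.5"),
        "opt_after": round_trip(home, work_after, "192.168.2.10", "10.10.0.5"),
        # Alternative from the reply: masquerade on the tunnel instead of adding the route.
        "opt_nat": round_trip(home, work_before, "192.168.2.10", "10.10.0.5",
                              nat_src=HOME_VPN_IP),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:11s} {result}")
```

The "opt_before" case is the failure in the thread: the request crosses the tunnel, but the work pfSense has no route for 192.168.2.0/24, so the reply follows the default route out the WAN and is dropped or misdelivered there, which is why the firewall rules allowing the traffic made no difference. A newly created server whose peer had the OPT subnet in its remote networks from the start corresponds to the "opt_after" case.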
@viragomann
I will try to check, and if I find the reason I will post it here; maybe it helps somebody else.
Anyway, thank you for your help and quick response.