Cannot Ping Internal LAN - OpenVPN
-
Hello All!
I just created a pfsense server inside Oracle Cloud (OCI) with just the WAN Network card (that has Public and Private address together).
PS: I don't know why the heck it's not possible for me to add a second VNIC to be the LAN network (I can of course add the VNIC on Oracle OCI, the problem is that pfSense just stops working - I lost connection with the UI)... anyway, I kept just the WAN network.
To the setup:
My OCI Private LAN Address is 10.0.0.0/16.
My OCI Pfsense Server has just one vNIC with the Public IP (xxx.xxx.xxx.xxx) and the Private Address 10.0.0.60.
I have an Oracle DB Server inside this Private Network (same compartment and VPC) with the IP Address 10.0.0.215.
From my PFsense OCI Server I can ping this Oracle DB Server on IP 10.0.0.215.
Great :)
Now the problem:
I created an OpenVPN server (Peer-to-Peer) on this pfSense inside Oracle OCI and established a connection between my house (my home pfSense) and Oracle OCI. - OK
From my PC (my internal home network) I can ping the private IP of my Pfsense OCI server (10.0.0.60) but cannot ping the Oracle Server (10.0.0.215).
Also, from Pfsense on OCI I can ping my home pfsense IP (192.168.1.1) but cannot ping my PC IP - 192.168.1.103.
It's obvious there's some link missing that needs to be added, some firewall rule or routing or something else; I'm not a networking guy and I'm lacking skills :D.
Can some of you help me with that? It should be something easy for an experienced pfSense professional :(
Thanks so much!!
-
@jbcortezf
Is pfSense the default gateway in OCI?
Have you entered 10.0.0.0/16 at "local networks" in the OpenVPN server settings?
Does OCI allow access from your home (security group)?
Does the DB server accept connections from outside by its firewall?
For accessing your home PC, you need to create a CSO on the OpenVPN server. Furthermore, your PC might block access from outside by its firewall.
-
@viragomann Hi!! thanks for helping!
No, my default gateway is 10.0.0.1. I tried to move it to my pfSense IP but it crashes and I had to revert the configuration to the standard 10.0.0.1. I also added one more gateway, 10.0.0.60, and it also freezes.
All the rest, connections, security groups and so on are very well setup and pinging each other. The question is coming outside :/
-
Have you entered 10.0.0.0/16 at "local networks" in the OpenVPN server settings? Yes
Does OCI allow access from your home (security group)? Yes
Does the DB server accept connections from outside by its firewall? Yes
For accessing your home PC, you need to create a CSO on the OpenVPN server. Furthermore, your PC might block access from outside by its firewall. - What is a CSO?
-
@jbcortezf
The machines will send responses to their default gateway. If this is not pfSense you have to route the home network to pfSense.
As a workaround you can add an outbound NAT rule on pfSense for masquerading, if the VPN is for your private purposes.
What is a CSO?
VPN > OpenVPN > Client Specific Override
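
The routing reasoning in the last reply, as an added example that is not part of the thread: a small longest-prefix-match model of where the DB server (10.0.0.215) sends its reply in the three cases discussed. The route tables are constructed from the addresses in the posts, and the /24 mask for the home LAN is an assumption.

```python
import ipaddress

PFSENSE = "10.0.0.60"          # pfSense private address (from the thread)
HOME_LAN = "192.168.1.0/24"    # assumption: the home LAN is a /24

def first_hop(routes, dst):
    """Longest-prefix match; returns the first device the packet is handed to."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    # "on-link" means the destination is delivered directly, without a gateway
    return dst if gw == "on-link" else gw

def reply_reaches_pfsense(routes, source_seen_by_host):
    """A reply is addressed to the source address the host saw in the request."""
    return first_hop(routes, source_seen_by_host) == PFSENSE

# Constructed table for the DB server: local subnet plus default gateway 10.0.0.1
db_routes = [("10.0.0.0/16", "on-link"), ("0.0.0.0/0", "10.0.0.1")]
# Same table with the home network routed to pfSense
db_routes_fixed = db_routes + [(HOME_LAN, PFSENSE)]

if __name__ == "__main__":
    pc = "192.168.1.103"
    # Reply to the home PC follows the default route to 10.0.0.1 and never re-enters the tunnel
    print("no route, no NAT :", reply_reaches_pfsense(db_routes, pc))
    # With a route for the home LAN, the reply is handed to pfSense
    print("route to pfSense :", reply_reaches_pfsense(db_routes_fixed, pc))
    # With outbound NAT the DB server sees 10.0.0.60 as the source, which is on-link
    print("outbound NAT     :", reply_reaches_pfsense(db_routes, PFSENSE))
```

With the outbound NAT workaround, the DB server's connection and audit logs show 10.0.0.60 for every VPN client instead of the real home address, so per-client attribution has to come from the pfSense logs.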