Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    route between OpenVPN client to pfSense LAN

    Scheduled Pinned Locked Moved Routing and Multi WAN
    2 Posts 1 Posters 408 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lifespeed
      last edited by lifespeed

      I connected an OpenVPN client to my pfSense network using the following tunnel addresses:

      192.168.2.0/24
fd45::/64

      The pfSense LAN network addresses are:

      192.168.1.0/24
2601:xxxx:xxxx:3800::/64

      IPv6 is fully functional on this network including a server with GUA IPv6 accessible from WAN.

      I can ping hosts on the pfSense LAN from the OpenVPN client by IP address, but not by hostname. Do I need to setup a static route? What are the details of doing so? I would like pfSense DNS to handle the OpenVPN client requests so I can interact with pfSense LAN as if the OpenVPN client was physically on the network.

      1 Reply Last reply Reply Quote 0
      • L
        lifespeed
        last edited by lifespeed

        From a remote OpenVPN client I can access web servers running on the host on the OpenVPN server LAN only by LAN IPv4 address, not host name or IPv6. I can't ping the windows host by IPv4 or IPv6 nor by hostname despite pushing routes in the OpenVPN advanced configuration. It almost seems as though the client isn't using pfSense as the DNS server, which is running DNS resolver. Is a route available between VPN and LAN subnets, as I can access hosts on the pfSense LAN by IPv4 address? Why not IPv6 or hostname? Does it matter I put fd45::0/64 in the IPv6 tunnel network, what should I put there?

        Here are some of the OpenVPN server settings:

        openvpn tunnel settings.png
        openvpn advanced client.PNG
        openvpn advanced config.png

        Here is a windows 10 host on the LAN that I can access it's web servers:

        Windows IP Configuration

   Host Name . . . . . . . . . . . . : media-server-pc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mypublicdomain.com

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : mypublicdomain.com
   Description . . . . . . . . . . . : Mellanox ConnectX-3 Ethernet Adapter
   Physical Address. . . . . . . . . : EC-0D-9A-2C-14-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:xxxx:xxxx:3800:f749:b327:f336:3572(Preferred)
   IPv6 Address. . . . . . . . . . . : fd38:xxxx:xxxx:1:367c:dfef:fcbc:5eeb(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a0e7:5877:e5e8:4035%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 21, 2023 4:05:15 PM
   Lease Expires . . . . . . . . . . : Monday, January 1, 2024 6:38:52 PM
   Default Gateway . . . . . . . . . : fe80::225:90ff:febb:bf0c%4
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 552340890
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-19-13-C7-40-8D-5C-B6-47-55
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       2601:xxxx:xxxx:3800:225:90ff:febb:bf0c
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       mypublicdomain.com

        Here is the Windows 10 OpenVPN client ipconfig:

        Windows IP Configuration

   Host Name . . . . . . . . . . . . : oo-reg01-lt
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-82-8B-3D-A8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:xxxx:xxxx:3800::1000(Preferred)
   Link-local IPv6 Address . . . . . : fe80::567c:53a3:83c7:7d99%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 687931266
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-F3-39-C1-B4-A9-FC-EF-76-C2
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

        I notice the VPN client ipconfig doesn't say it is on mypublicdomain.com, is that a problem? Where have I gone wrong in connecting the VPN client to the OpenVPN LAN?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.