Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't access LAN from VPN clients

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 2 Posters 908 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zoiobnu
      last edited by

      I have the following setup on my firewall:

      LAN: 10.0.2.0/24
PROXMOX: 10.0.1.0/24
VPN: 10.0.4.0/24

      I can access LAN from PROXMOX and PROXMOX from LAN without problems, but i can't access LAN or PROXMOX from VPN.

      My config:

      28d8c89f-1a16-4295-9af4-e9adf6341487-image.png

      376638a8-d518-4816-9b34-5d12f40ee423-image.png

      d8dfb502-b8d1-469d-98b4-d78c6e9ccbc4-image.png

      fbac7309-675b-49e3-8057-42e2d22c7689-image.png

      ef0da474-3186-4b90-8dbc-a2621af8c9b0-image.png

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @zoiobnu
        last edited by

        @zoiobnu
        Is pfSenes the default gateway on all devices you want to reach via VPN?

        Note that pfSense filter rules has to be created on the interface, where the traffic is coming in. So rules for LAN source on Proxmox is useless. And also the other way round.

        "OpenVPN" is an interface group, and rule on group tabs have priority over rules on member interface. Therefor your OpenVPN rule shows some hits, while the VPN rule shows none.

        Z 1 Reply Last reply Reply Quote 0
        • Z
          zoiobnu @viragomann
          last edited by zoiobnu

          @viragomann I literally understood nothing of what you said.

          PfSense its my only firewall on network.

          VPN connects directly to the firewall, as well as the entire network.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @zoiobnu
            last edited by

            @zoiobnu
            So the communication should work from the point of routing.

            That the pass rule on the OpenVPN tab shows traffic and states, means that it let pass access.

            3bc37931-7038-4e93-b597-2fe511f4a251-grafik.png

            So possible it is blocked by the destination devices.
            On pfSense you can only sniff the traffic on the outgoing interfaces (Proxmox or LAN) with Diagnostic > Packet Capture for further investigation.
            If you see request packets, but no responses the destination device does not respond.
            If you see both also sniff the traffic on the VPN interface to see, if responses are directed back properly.

            Z 1 Reply Last reply Reply Quote 0
            • Z
              zoiobnu @viragomann
              last edited by

              @viragomann Ping receive on firewall but can't reply back

              f37c70fd-4d5f-435e-a739-7702d00c2012-image.png

              07194e3c-d5c7-4815-9556-80114c6385f5-image.png

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @zoiobnu
                last edited by

                @zoiobnu
                And how does the traffic look like on the VPN interface?
                Maybe responses are not routed back properly for whatever reason.

                Also ensure that hardware checksum offloading is disabled in System > Advanced > Networking.

                Z 1 Reply Last reply Reply Quote 0
                • Z
                  zoiobnu @viragomann
                  last edited by

                  @viragomann said in Can't access LAN from VPN clients:

                  Also ensure that hardware checksum offloading is disabled in System > Advanced > Networking.

                  Thanks this fixed my problem

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @zoiobnu
                    last edited by

                    @zoiobnu
                    This is strictly recommended, when running pfSense on KVM with VirtIO NICs: Virtualizing with Proxmox VE

                    The Proxmox guide is representative for any KVM installation.

                    Z 1 Reply Last reply Reply Quote 0
                    • Z
                      zoiobnu @viragomann
                      last edited by

                      @viragomann Now i can't connect to proxmox server only, but any other service is working

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.