Netgate Discussion Forum

    Unable to access a subnet once connected

    • M
      McMurphy
      last edited by

      I connect to pfsense using OVPN:
      My ip: 172.30.0.5
      pfSense ip: 172.30.0.1

      The pfSense box has an interface with a server connected:
      interface ip: 10.44.96.4
      server ip: 10.44.96.3

      pfSense can ping the server however not when I specify the source as the remote access interface.
      29.05.2024_10.30.14_REC.png

      29.05.2024_10.30.46_REC.png

      I have a FW rule that allows access to all on the remote access interface.

      From my remote PC I am unable to ping 10.44.96.4

      What is required in order for me to access the remote server from my remote PC?

      • GertjanG
        Gertjan @McMurphy
        last edited by Gertjan

        @McMurphy

        Ping from your device, 172.30.0.5, not from pfSense.

        If "10.44.96.3" is a device on your LAN (pfSense LAN is 10.44.96.4 ?? strange ....) then execute a packet capture on your LAN, use protocol ICMPv4, add the IP "10.44.96.3" and sniff.
        Did you see the packets coming from your VPN device?
        The packets are now on your LAN ... so they will reach your server. Did your server answer these pings? If not, go ask your server why it doesn't answer ^^

        Your firewall rule should look like this :

        07acffd9-2b30-455f-9de4-2799cc2aed57-image.png

        where VPNS is my OpenVPN server interface.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • M
          McMurphy @Gertjan
          last edited by McMurphy

          @Gertjan

          I have added the subnet to the list of IPv4 Local Networks in the OVPN server settings and from a remote PC (172.30.0.5) I can now ping 10.4.96.4

          I am still unable to ping the remote server IP 10.44.96.3 from the remote PC

          My FW rule matches yours.

          Packet capture

          02:38:51.156757 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9213, length 40
          02:38:55.763658 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9214, length 40
          02:39:00.781688 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9215, length 40
          02:39:05.770749 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9216, length 40
          
          • GertjanG
            Gertjan @McMurphy
            last edited by

            @McMurphy

            Is the packet capture taken from the LAN interface?
            This means these packets coming from your VPN client device are present on the interface of the device 10.44.96.3, and it doesn't answer.
            The requests are there.
            Is the server set up to answer pings (it also has a firewall!)?
            It is rather classic that a device - like any Windows PC by default - answers only requests coming from its own LAN, and nothing else. You have to inform it that it also has to accept connections from other networks, like other LANs and VPN.

            • M
              McMurphy @Gertjan
              last edited by

              @Gertjan

              It's a Linux server.

              Interestingly, it'll respond to pings from pfSense only from the interface it is connected to.

              The server & pfsense are connected to a private network "Vultr VPC 2.0"

              VPC 2.0 networks are fully isolated networks that are accessible only by instances on your account.

              This would explain why I am unable to ping from my remote access interface but can from the VPC2 connected interface.

              So, is there a way to access the server (10.44.96.3) via the pfsense interface connected to the VPC 2 network (10.44.96.4) ?

              • GertjanG
                Gertjan @McMurphy
                last edited by

                @McMurphy

                If I get this right: any x out of 10.44.96.x will do. But only from the 10.44.96.0/24 network.
                Your VPN is another network so you have to apply the message shown in the blue box.
                If you want to change that, change server settings.

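Added example, not part of any post in this thread: a small Python check that pairs ICMP echo requests with replies in tcpdump text output and marks whether each unanswered source lies outside the server's subnet. The first four sample lines are the capture posted above; the last two lines, the function names and the use of 10.44.96.0/24 as the server network are assumptions made for illustration.

```python
import ipaddress
import re

# tcpdump text format as posted in the thread:
# "<time> IP <src> > <dst>: ICMP echo request|reply, id N, seq N, length N"
LINE_RE = re.compile(
    r"(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# First four lines are the capture from the thread; the last two are
# constructed to show an answered ping from pfSense's own VPC address.
SAMPLE = """\
02:38:51.156757 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9213, length 40
02:38:55.763658 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9214, length 40
02:39:00.781688 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9215, length 40
02:39:05.770749 IP 172.30.0.5 > 10.44.96.3: ICMP echo request, id 2, seq 9216, length 40
02:40:00.000100 IP 10.44.96.4 > 10.44.96.3: ICMP echo request, id 7, seq 0, length 64
02:40:00.000450 IP 10.44.96.3 > 10.44.96.4: ICMP echo reply, id 7, seq 0, length 64
"""

def unanswered_echo_requests(capture_text):
    """Return [(src, dst, id, seq)] for echo requests that never got a reply."""
    pending = {}
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ICMP echo line
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = m["ts"]
        else:
            # A reply travels from the request's dst back to its src.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    return list(pending)

def summarize(capture_text, server_net):
    """Count lost pings per (src, dst) and flag sources outside server_net."""
    net = ipaddress.ip_network(server_net)
    report = {}
    for src, dst, _ident, _seq in unanswered_echo_requests(capture_text):
        entry = report.setdefault(
            (src, dst), {"lost": 0, "off_subnet": ipaddress.ip_address(src) not in net})
        entry["lost"] += 1
    return report

if __name__ == "__main__":
    for (src, dst), info in summarize(SAMPLE, "10.44.96.0/24").items():
        where = "outside" if info["off_subnet"] else "inside"
        print(f"{src} -> {dst}: {info['lost']} unanswered, source {where} server subnet")
```

When requests from an off-subnet source go unanswered while pings from an on-subnet address are answered, the place to look is the server or the network it sits on (host firewall, or no return path to the VPN subnet) rather than the pfSense rules.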
                • M
                  McMurphy @Gertjan
                  last edited by

                  @Gertjan

                  Appreciate the prompt responses however I am now lost :)

                  • GertjanG
                    Gertjan @McMurphy
                    last edited by

                    @McMurphy

                    That makes two of us.
                    I don't know what this is or what it means or why you want it :

                    @McMurphy said in Unable to access a subnet once connected:

                    VPC 2.0 networks are fully isolated networks that are accessible only by instances on your account.

                    • M
                      McMurphy @Gertjan
                      last edited by

                      @Gertjan

                      I have pfSense running as a VM and another server running as a VM.
                      I only want the server accessible if a user is connected to pfSense via OVPN.

                      Both VMs are running on Vultr and Vultr has the ability to place VMs on a private network so I have the server connected to this private network and an interface on pfSense.

                      https://docs.vultr.com/how-to-create-a-vultr-virtual-private-cloud-2-0

                      Is there an easier way to make this server only accessible when I am connected via OVPN?

                      • JonathanLeeJ
                        JonathanLee
                        last edited by

                        Did you set up Access control lists for your OpenVPN interface?

                        Make sure to upvote

                        • M
                          McMurphy @JonathanLee
                          last edited by

                          @JonathanLee

                          Not sure what you mean. Never used these before.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.