OpenVPN: no longer access to my LAN, why?
-
Hi,
I have no idea why my OpenVPN is no longer working.
It already worked.
There were no upgrades to pfSense community edition.
I also did not make any changes on my pfSense.
But I can not access my internal LAN anymore.
I still can access the remote-network which is connected via IPsec.
So I'm connecting from my client's openVPN (this works) and try to ping a server in my LAN (fails) and another server (ok) which is connected via IPsec to my pfSense.
I can see, with Packet-capture, the echo-requests arriving on my openvpn-interface, but I do not see the replies.
But on the target server I do not even see the echo-requests.
So it must be the pfSense.
Any ideas?
Thanks.
-
@kuchenmann said in OpenVPN: no longer access to my LAN, why?:
Any ideas?
Many....
- Logfiles on the pfSense and client side
- check routing table on the client
- try packet capture, do you see packets incoming?
- ...
-
@kuchenmann said in OpenVPN: no longer access to my LAN, why?:
I can see, with Packet-capture, the echo-requests arriving on my openvpn-interface, but I do not see the replies.
You see the echo requests on the VPN interface, but not on LAN, when sniffing the traffic?
What if you ping the LAN server from pfSense Diagnostics > Ping, from the default source and then from any other interface IP, if there are any apart from WAN?
You can simultaneously sniff the LAN traffic to see what's going on.
-
After I've turned off the IPSec-Tunnel it worked again.
It routed everything to the IPSec-Tunnel.
Of course I have a route 192.168.0.0/16 into the IPSec-tunnel and my local LAN is 192.168.1.0/24, but this normally should work (and it did), because the LAN is locally connected and connected routes are better than static. But I do not have so many subnets behind the IPSec-tunnel, so I can route only the needed subnets.
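
A check for the overlap described in the last post, as an added example that is not part of the thread: it flags tunnel-bound prefixes that overlap a locally connected subnet and computes the narrower prefixes that cover the rest of the /16. The function names and the two "needed" remote subnets are constructed for illustration; only 192.168.0.0/16 and 192.168.1.0/24 come from the thread.

```python
import ipaddress

def overlaps(tunnel_prefixes, local_subnets):
    """Return (tunnel, local) pairs where a tunnel-bound prefix intersects a local subnet."""
    hits = []
    for t in map(ipaddress.ip_network, tunnel_prefixes):
        for l in map(ipaddress.ip_network, local_subnets):
            if t.version == l.version and t.overlaps(l):
                hits.append((t, l))
    return hits

def carve_out(tunnel_prefix, local_subnets):
    """Split tunnel_prefix into the fewest prefixes that exclude every local subnet."""
    remaining = [ipaddress.ip_network(tunnel_prefix)]
    for l in map(ipaddress.ip_network, local_subnets):
        kept = []
        for net in remaining:
            if l.version != net.version or not net.overlaps(l):
                kept.append(net)                      # untouched by this local subnet
            elif l.supernet_of(net):
                continue                              # entirely local: never send to the tunnel
            else:
                kept.extend(net.address_exclude(l))   # l lies inside net: keep the rest
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    local = ["192.168.1.0/24"]                        # LAN from the thread
    broad = ["192.168.0.0/16"]                        # tunnel route from the thread
    needed = ["192.168.10.0/24", "192.168.20.0/24"]   # constructed remote subnets

    for t, l in overlaps(broad, local):
        print(f"CONFLICT: tunnel prefix {t} covers local subnet {l}")
    print("Tunnel prefixes without the LAN:")
    for net in carve_out(broad[0], local):
        print("  ", net)
    print("Specific remote subnets overlap LAN:", bool(overlaps(needed, local)))
```

Listing only the needed remote subnets, as the poster settled on, is the shorter configuration; the carve-out is for cases where the remote side really does use most of the /16.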