Netgate Discussion Forum

    Routing LAN traffic to OpenVPN Client

      AddleDIT

      I have a Synology NAS offsite as a client to my pfSense router via OpenVPN on subnet 192.168.11.x.
      This is connected fine and I can ping my NAS from the router.

      Additionally, when I am connected to my VPN with a client offsite, I can access the computers on my LAN on subnet 192.168.77.x no problem.

      I can ping the NAS from my pfSense router, which is the OpenVPN server, and receive the replies.

      However, when I try to ping the NAS from a machine on the LAN, or access its network shares I cannot do so.

      I have added the following rules to the firewall to see if I can move things along but I feel I am missing something. Can anyone point to what I am doing wrong?

      RULE.JPG

      RULE2.JPG

      RULE3.JPG

      RULE4.JPG

        viragomann @AddleDIT

        @AddleDIT
        The NAS might block access from outside of its own subnets. You will have to configure its firewall to allow it.
        I assume that the route to the LAN is added properly to the NAS, but you should verify this also.

        BTW: The rule on the OpenVPN with the LAN subnet as source is pretty useless. Rules have to be defined on the interface where the initiating connection is coming in. The VPN interface will never see a packet coming in from the LAN subnet, however.

          AddleDIT

          I put a Windows machine with an SMB network share on the same VPN offsite and I still have the same issue on that machine also. The two offsite VPN clients' SMB cannot be accessed while connected to the VPN, nor can they be pinged, but interestingly RDP does work both ways.

          There is no firewall on the NAS or the Windows computer, so I am pretty sure this is a routing issue.

            viragomann @AddleDIT

            @AddleDIT
            Also Windows blocks access from outside of its subnet by default.

            Do you try to access the SMB by IP or by host name? IP should work at least.

            I cannot help you with your devices' firewalls. But you can investigate what's going on on pfSense with Diagnostic > Packet Capture.
            Select the VPN interface, enter 445 in the port filter, start the capture and try to access the NAS.
            Stop the capture and post what you get.

              AddleDIT

              I am using IP, not hostname

              Here is a packet capture from the call on the NAS to the point it says can't connect

              Packet capture.JPG

              I made the OpenVPN server an interface

              interface.JPG

              And stuck it in a bridge with the LAN and rebooted

              bridge.JPG

              Now I can ping the OpenVPN server gateway on 192.168.11.1 and get replies from my desktop, but can't ping the NAS from same

              pingovpn.JPG

              If I test the port from the OpenVPN server interface it works

              opt2445.JPG

              But if I try the same from my LAN interface it does not

              lan2445.JPG

                viragomann @AddleDIT

                @AddleDIT
                So you see only request packets, but no replies. This indicates that the access is blocked by the destination device, as I suspected first.

                Bridging the VPN to the LAN is not recommended at all! If you don't know how to configure your NAS properly to accept access from the remote network, you should better do masquerading on pfSense.

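The reading of the capture in the post above (requests to port 445 leaving the VPN interface with no replies coming back) can be checked mechanically. This is an added example, not part of the thread and not any poster's code: it parses tcpdump-style text lines and labels each handshake to port 445. The sample lines and the host addresses 192.168.77.20 and 192.168.11.2 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (NOT the capture posted in the thread).
# 192.168.77.20 (LAN host) and 192.168.11.2 (NAS) are assumed addresses.
SAMPLE = """\
10:15:01.100000 IP 192.168.77.20.51234 > 192.168.11.2.445: Flags [S], seq 1000, win 64240, length 0
10:15:02.100000 IP 192.168.77.20.51234 > 192.168.11.2.445: Flags [S], seq 1000, win 64240, length 0
10:15:04.100000 IP 192.168.77.20.51234 > 192.168.11.2.445: Flags [S], seq 1000, win 64240, length 0
10:16:00.000000 IP 192.168.11.1.40000 > 192.168.11.2.445: Flags [S], seq 5000, win 65228, length 0
10:16:00.020000 IP 192.168.11.2.445 > 192.168.11.1.40000: Flags [S.], seq 9000, ack 5001, win 29200, length 0
10:16:00.020100 IP 192.168.11.1.40000 > 192.168.11.2.445: Flags [.], ack 1, win 512, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def classify(capture_text, port=445):
    """Return {(client, server): verdict} for TCP handshakes to `port`.

    "answered" = SYN-ACK seen, "refused" = RST seen (host reachable, port
    rejected), "no reply" = only SYNs seen. "no reply" means the server
    dropped the request or has no route back to the client's subnet; the
    capture alone cannot tell those two apart.
    """
    syns = defaultdict(int)   # (client, server) -> SYN count incl. retransmits
    answers = {}              # (client, server) -> "answered" / "refused"
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue          # skip non-IPv4/TCP or malformed lines
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if int(m["dport"]) == port and flags == "S":
            syns[(src, dst)] += 1
        elif int(m["sport"]) == port:
            if flags == "S.":
                answers[(dst, src)] = "answered"
            elif "R" in flags:
                answers.setdefault((dst, src), "refused")
    return {flow: answers.get(flow, "no reply") for flow in syns}

if __name__ == "__main__":
    for (client, server), verdict in classify(SAMPLE).items():
        print(f"{client} -> {server}:445  {verdict}")
```
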
                  AddleDIT @viragomann

                  @viragomann

                  I have done this but the performance is woeful with both the clients on the VPN. Or do you mean something different? I might try it the other way around and make the NAS a VPN host

                    viragomann @AddleDIT

                    @AddleDIT
                    I'm talking about natting the traffic. I don't expect this to have any noticeable impact on the performance. Rather bridging does.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.