OpenVPN and dual WAN
-
Hi everyone;
I am trying to enable access to my LAN resources via OpenVPN connecting via the non default gateway.
I have searched the forum and found I either need to
a) Put the route in the gateway
b) Add NAT on the LAN
Can someone assist
LAN 10.10.10.0/24
OVPN subnet 10.10.11/24
WIP (Default WAN)
OPT1 (WAN2)
Do I add a custom option in the ovpn Advanced config?
Thanks in advance
Ian
-
@hillblock
All you need is a firewall pass rule on the incoming interface allowing the OpenVPN traffic and to ensure that it is applied to the OpenVPN packets.
Remember that floating rules and interface group rules have precedence over interface rules. So if there is any pass matching the OpenVPN traffic, you have to remove it or change it, so that it isn't applied to it.
-
@viragomann
Quick check of my floating rules... OVPN interface was in a floating rule (pfBlockerNG)
Tested, still no access (especially pfSense GUI) to LAN
Ian
-
@hillblock
But the client is connected successfully and the connection is stable?
So this might not be an issue due to multi WAN.
Did you state 10.10.10.0/24 at "Local networks" in the server settings?
Is there a rule in place on the OpenVPN interface allowing access to the LAN?
At least with this you should be able to access the pfSense GUI using the LAN IP.
-
@viragomann
Yes, client connects and is stable
10.10.10.0/24 is in the VPN server settings
OVPN rules in the screenshot attached
RE: MultiWAN
Default (WIP) and Backup (OPT1) gateways are in a Gateway group called Failover; WIP is tier 2 and OPT1 tier 5
Thanks for your help
Ian
-
@hillblock
Your LAN address is policy routed to a gateway (group).
This will never pass access to the GUI.
-
@hillblock
The problem in this thread is that the VPN endpoint is not the default gateway. In this case an outbound NAT rule enables you to access the local network.
But the NAT has no impact on accessing the web GUI of pfSense, since this traffic doesn't go out on an interface.