Netgate Discussion Forum

    Accessing all pfSense Subnets from OpenVPN Server (thinking it's a Firewall Rule issue)

      DaHai8

      I have a RPI4 VPN Client connected to a RPI4 VPN Server over the Internet.
      The server is on 172.27.3.100
      The client is on 192.168.1.100 on a pfSense box
      The client pfSense network also has: 192.168.2.0/24 and 192.168.3.0/24 on their own physical Ethernet Ports.

      To the Server config, I added:

      route 192.168.0.0 255.255.0.0
      client-config-dir /etc/openvpn/server/ccd/
      

      In the ccd folder, I added a file of the client name of the .ovpn file it is using (client). Into that file I added:
      iroute 192.168.0.0 255.255.0.0

      After rebooting the Server, I can access and ping any device on 192.168.1.0/24 (where the client lives) from the Server side.
      But I cannot access or ping any device on 192.168.2.0/24 or 192.168.3.0/24.
      However, if I log directly into the client (not through VPN), I can ping and access all the devices on the other two networks.

      I've gone over the OpenVPN docs for "Including multiple machines on the client side when using a routed VPN (dev tun)":
      https://openvpn.net/community-resources ... er-subnet/

      It's just one client to one server, so I don't believe I need routing to all clients.

      So this appears to not be a VPN issue, but maybe a Firewall Rules setting in pfSense?

      Like it's blocking access to the other two networks (192.168.2.0/24 and 192.168.3.0/24) from 172.27.3.0/24 because it's not a native local network?

      Any ideas?
      Need more info?

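A consistency check for the directives quoted in the post above, as an added example that is not part of the thread: OpenVPN only forwards traffic to a client-side subnet when it is covered by both a server `route` and that client's `iroute`, so the script tests each of the three LAN subnets against both. The function names and the embedded sample text are constructed here from the values in the post.

```python
import ipaddress

# Constructed sample input: the directives and subnets quoted in the post.
SERVER_CONF = """\
route 192.168.0.0 255.255.0.0
client-config-dir /etc/openvpn/server/ccd/
"""
CCD_CLIENT = "iroute 192.168.0.0 255.255.0.0\n"
CLIENT_LANS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]


def parse_nets(text, directive):
    """Return networks named by '<directive> <network> [netmask]' lines."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        parts = line.split()
        if parts[0] == directive and len(parts) >= 2:
            # OpenVPN treats a missing netmask as a host route.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets


def check(server_conf, ccd_text, lans):
    """Map each LAN to True if a route AND an iroute cover it.

    Also returns iroutes with no covering server route, which OpenVPN
    accepts but the server's kernel never sends into the tunnel.
    """
    routes = parse_nets(server_conf, "route")
    iroutes = parse_nets(ccd_text, "iroute")
    report = {}
    for lan in map(ipaddress.ip_network, lans):
        in_route = any(lan.subnet_of(r) for r in routes)
        in_iroute = any(lan.subnet_of(i) for i in iroutes)
        report[str(lan)] = in_route and in_iroute
    orphans = [str(i) for i in iroutes
               if not any(i.subnet_of(r) for r in routes)]
    return report, orphans


if __name__ == "__main__":
    report, orphans = check(SERVER_CONF, CCD_CLIENT, CLIENT_LANS)
    for lan, ok in report.items():
        print(f"{lan}: {'covered' if ok else 'NOT covered'}")
    print("iroutes without a server route:", orphans or "none")
```

For the directives as posted, all three subnets come back covered and no `iroute` lacks a matching `route`, so the OpenVPN side treats 192.168.2.0/24 and 192.168.3.0/24 the same as 192.168.1.0/24.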

        DaHai8

        This appears to resolve this issue:

        iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
        

        Thanks everyone for all the help 🙄

          johnpoz LAYER 8 Global Moderator @DaHai8

          @DaHai8 pfSense doesn't use iptables - so no clue to what you're talking about.. That sure didn't fix it.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.