Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Having trouble accessing NAS through VPN server

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 4 Posters 194 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      SteveITS Rebel Alliance @azdeltawye
      last edited by

      @azdeltawye dies the firewall on the NAS allow connections from the VPN device IP?

      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
      Upvote 👍 helpful posts!

      A 1 Reply Last reply Reply Quote 0
      • A Offline
        azdeltawye @SteveITS
        last edited by

        @SteveITS
        Thanks for the reply. I disabled the firewall on the NAS and still get the same result.

        the otherT 1 Reply Last reply Reply Quote 0
        • the otherT Offline
          the other @azdeltawye
          last edited by

          @azdeltawye hey there,
          please post a screenshot of your firewall rule for your openVPN interface in use (rules > Interface), not just the log entry.
          What kind of internet access do you have (dual stack, dual stack lite / cgnat, IPv4 / 6 only)?

          don't know about iphones...so, just heard that they offer all kinds of stuff androids don't regarding network configs. Might want to take a look there as well (or try, if possible) with an android / linux / windows client).
          Can you ping your public IP (from outside your LAN)? Or better yet your DynDNS address? Does that work at all (first step)?

          the other

          pure amateur home user, no business or professional background
          please excuse poor english skills and typpoz :)

          A 1 Reply Last reply Reply Quote 0
          • P Offline
            pwood999
            last edited by

            Does the NAS have a route back through the VPN ? If it's default route is PfSense, then it should work ?

            Had something similar a while back on our work lab VPN. Some LAN devices would respond ok, but others needed a static route added to enable remote access via the VPN. Never figured out why, but the extra route solved it.

            A 1 Reply Last reply Reply Quote 0
            • A Offline
              azdeltawye @the other
              last edited by

              @the-other
              I’m on travel for the week so I’ll post the firewall rules when I get home.

              As for my internet, I have Comcast Xfinity with a publicly routeable address. Comcast offers ipv6 support but I only have ipv4 enabled. I use a DDNS service for remote access because my IP changes from time to time..
              I cannot ping my IP when I am remote. I don’t recall if I have a ICMP block rule on my WAN. I’ll check that as well when I get home.

              Thanks for the suggestions.

              the otherT 1 Reply Last reply Reply Quote 0
              • A Offline
                azdeltawye @pwood999
                last edited by

                @pwood999
                No static routes are in place, just the default settings in pfsense.

                1 Reply Last reply Reply Quote 0
                • the otherT Offline
                  the other @azdeltawye
                  last edited by

                  @azdeltawye yeah, but can you ping your dyndns address? That should also give you your actual public IP...can you ping that one?

                  the other

                  pure amateur home user, no business or professional background
                  please excuse poor english skills and typpoz :)

                  A 1 Reply Last reply Reply Quote 0
                  • A Offline
                    azdeltawye @the other
                    last edited by

                    @the-other
                    No, I cannot ping my ddns url. It resolves my WAN IP but times out on the ping attempt.

                    S 1 Reply Last reply Reply Quote 0
                    • S Offline
                      SteveITS Rebel Alliance @azdeltawye
                      last edited by

                      @azdeltawye do you have a firewall rule on WAN allowing ICMP?

                      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
                      Upvote 👍 helpful posts!

                      A 1 Reply Last reply Reply Quote 0
                      • A Offline
                        azdeltawye @SteveITS
                        last edited by azdeltawye

                        @SteveITS
                        I do not have a rule to pass ICMP traffic in the WAN interface.

                        I’ll have to wait until I get home before I add a rule. Editing firewall rules via remote iPhone connection is sketchy at best…

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.