Having trouble accessing NAS through VPN server

Gertjan

@azdeltawye said in Having trouble accessing NAS through VPN server:

I thought PfSense automatically adds VLAN subnets

Where did VLANs come from ?
So you do have a 192.168.200.1/24 interface ? (LAN, or VLAN doesn't matter, as long as it is set up correctly).

VLAN need a setup on the pfSense side, and on the smart 'VLAN capable side' switch side.

azdeltawye

@Gertjan said in Having trouble accessing NAS through VPN server:

Where did VLANs come from ?

huh??
I configured them when I designed the network years ago... You can see the different interfaces of my network from the screenshot on post #16. Here is a summary of how the network segments are defined:

Yes, all the layer 2 switches and APs are capable of VLAN tagging...

So when I log into my VPN server with my iPhone from a remote location, I am able to ping random devices on every VLAN listed above in my network. However, I cannot ping the Synology NAS (192.168.200.4). But, I am able to ping my backup 'NAS' (192.168.200.5). My backup 'NAS' is just an old Asus RT-AC86 router with a Samba SSD plugged into the USB port. I cannot access either NAS from the File Explorer app on my iphone.

Now when I am at home and my iPhone is on the 200 VLAN network, I can ping and access both NAS devices with the File Explorer app.

Gertjan

@azdeltawye said in Having trouble accessing NAS through VPN server:

huh??

Don't worry. I thought you had a single pfSense LAN, 192.168.125.0/24 and a NAS using 192.168.200.4 on that LAN.
That will fail of course.
But solved now : you have more then one LAN ^^ Your NAS lives on the LAN called 'HOME' :

Check that :

has been set to /24.

Check that your OpenVPN interface firewall says :

Btw : You've two of them : 10.0.20.0/24 and 10.0.10.0/24.

About :

I would presume that your iPad would have a 10.0.10.0/24 or 10.0.20.0/24 IP when connected to the VPN, not this 10.208.190.248 IP (where did that came from ?)

azdeltawye

@Gertjan
Actually, the NAS's live on the USER .200 network.

Yes, it is a /24.

Yeah, I have the OpenVPN server subnets rule to allow all traffic.

What advanced settings do you have in your VPN interface rule? I see a gear symbol next to the pass check mark. Is that something that may help?

That private address assigned to my iPhone (10.208.190.248) is puzzling. It appears to be a Verizon thing. If I go to Starbucks and jump on their WiFi, or work, it shows the same address.. Just for kicks, I put that IP in the VPN interface rule shown above but that had no effect. My iPad does not have any of that since it has no SIM card.

Gertjan

@azdeltawye said in Having trouble accessing NAS through VPN server:

What advanced settings do you have in your VPN interface rule?

Just the "Allow IP options" set :

Probably not needed.

Btw : my OpenVPN interface firewall rule set is empty :

as I've created an "VPNS" for my OpenVPN server :

so it's has it's own dedicated interface with rule set :

This is also most probably a way of doing things, and not important.