Cannot connect to LAN servers apart from the pfSense LAN Interface IP address
-
Just revisiting pfSense again after a few years.
WAN Interface IP is 192.168.3.100
LAN Interface IP is 192.168.3.100
I've followed many different instructions and the problem I have is I can connect with a client and can PING 192.168.4.100 but not any other clients (VMs) on my LAN network such as 192.168.4.101 etc. It's not just ping, it's no go for HTTP/HTTPS etc.
Doing a "7" from the pfSense console allows me to ping any of my LAN IPs.
Firewall rules as set up by the wizard are all ok and in place.
Do I need a NAT rule for this to work?
Dave
-
@dave1968 said in Cannot connect to LAN servers apart from the pfSense LAN Interface IP address:
Just revisiting pfSense again after a few years.
WAN Interface IP is 192.168.3.100
LAN Interface IP is 192.168.3.100
Are you sure?
WAN and LAN interface both with same IP?? Looks wrong, feels wrong...probably is wrong. :) Just a typo or your actual settings?
-
sorry yes - a typo, have rectified. LAN is 192.168.4.100
-
@dave1968 pfsense has nothing to do with devices on the same network talking to each other, ie if your device on the 192.168.4 network pinging another device on the 192.168.4 network.
You're going to have to give us more to go on.. Are you vpning into pfsense from remote or something?
-
I'm saying my internet connected client ( 10.8.0.x) can ping my LAN address for the pfSense server which is 192.168.4.100 - but cannot ping or connect with any protocol to other addresses on the 192.168.4.x network.
In the setup the LAN subnet for the OpenVPN clients is 192.168.4.0/24 which should allow it.
The route print (as done in the Windows client) seems valid.
-
@dave1968 said in Cannot connect to LAN servers apart from the pfSense LAN Interface IP address:
my internet connected client ( 10.8.0.x)
What are the firewall rules on the OpenVPN interface ?
@dave1968 said in Cannot connect to LAN servers apart from the pfSense LAN Interface IP address:
In the setup the LAN subnet for the OpenVPN clients is 192.168.4.0/24 which should allow it.
That rule will allow traffic from LAN device (192.168.4.1 => 254) - to enter the LAN interface.
Your OpenVPN (a server, right?) connected devices will use their own interface (10.8.0.x) and their own firewall rule(s) for that interface.
-
@dave1968 said in Cannot connect to LAN servers apart from the pfSense LAN Interface IP address:
but cannot ping or connect with any protocol to other addresses on the 192.168.4.x network.
And do these other devices have firewalls? Just because you route the traffic through pfsense and pfsense allows it, doesn't mean their firewalls do.
Do these devices you are trying to ping even use pfsense as their gateway?
Is the mask for their networks /24, or something else? For example if the device you're trying to ping has a /16 - then no they wouldn't answer because they would think 192.168.8 is local for them.
Those are 3 reasons off the top of my head.. Like I said you're going to have to provide more info.
-
okay,
thought it might be just a typo...
Is your openVPN server running on pfsense itself?
What are your rules for the openVPN Interface?
Your openVPN tunnel IP range is 10.8.0.0/24 (?), so your vpn client gets some out of there...
As @Gertjan said: make sure your openVPN interface has the rules needed to ping and reach your LAN (192.168.4.0/24)...
Also as @johnpoz said...do you have your vms and servers and other stuff behind another firewall? VMs, i.e. with proxmox server and their firewall active? NAS running with its own firewall active? Then go there and allow either your VPN tunnel net or (better imho) give your VPN client a static IP (i.e. 10.8.0.2/24) and allow just that one...(and others, if needed).
:)
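
The gateway and netmask checks raised in this thread can be run over a host inventory; the following is an added example, not code posted by anyone in the thread. The host names, the 192.168.4.1 gateway and the `HOSTS` table are constructed; the pfSense LAN IP and tunnel address are the ones mentioned above.

```python
import ipaddress

PFSENSE_LAN = "192.168.4.100"   # pfSense LAN interface IP, from the thread
VPN_CLIENT = "10.8.0.2"         # OpenVPN tunnel address, from the thread


def reply_path(host_cidr, default_gw, peer=VPN_CLIENT, router=PFSENSE_LAN):
    """Classify where a LAN host sends its reply to `peer`.

    host_cidr  -- the host's own address and mask, e.g. "192.168.4.101/24"
    default_gw -- the host's default gateway, or None if it has none
    """
    iface = ipaddress.ip_interface(host_cidr)
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip in iface.network:
        # Host believes the peer is on its own segment: it ARPs for it
        # locally and the reply never reaches the router.
        return "on-link"
    if default_gw is None:
        return "no-route"
    if ipaddress.ip_address(default_gw) == ipaddress.ip_address(router):
        return "via-pfsense"
    # Reply leaves through a different router that has no route back
    # into the tunnel network.
    return "via-other-gateway"


# Constructed sample inventory (hypothetical hosts, not from the thread).
HOSTS = {
    "vm-a": ("192.168.4.101/24", "192.168.4.100"),
    "vm-b": ("192.168.4.102/24", "192.168.4.1"),
    "vm-c": ("192.168.4.103/24", None),
    "vm-d": ("192.168.4.104/16", "192.168.4.100"),
}


def audit(hosts, peer=VPN_CLIENT):
    """Return {host name: reply path} for every host in the inventory."""
    return {name: reply_path(cidr, gw, peer) for name, (cidr, gw) in hosts.items()}


if __name__ == "__main__":
    for name, path in audit(HOSTS).items():
        print(f"{name}: {path}")
```

Only hosts reported as `via-pfsense` return traffic through the firewall; for those, the remaining suspects are the OpenVPN interface rules and the host's own firewall.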