Netgate Discussion Forum

    Pfsense as OpenVPN client - routing from LAN to other OpenVPN clients [SOLVED]

      rblecher

      I have pfsense 1.2.3 set up as an OpenVPN client that connects to a remote OpenVPN server (to which other OpenVPN clients are also connected).  I can't figure out how to get machines on the LAN (behind pfsense) to reach any of the other OpenVPN clients.  In other words, I can access the other OpenVPN clients from the pfSense machine, but not from any machines on the LAN behind pfsense.  I've tried everything I could find on this board, but nothing has worked.

      How do I get my LAN to route connections to the OpenVPN subnet over the OpenVPN tunnel?

        Cry Havok

        Is the pfSense server the default gateway for the LAN machines?  Do the LAN machines have a static route for those subnets via another gateway?

          GruensFroeschli

          Also did you push the route for the LAN to the clients?

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            rblecher

            @Cry:

            Is the pfSense server the default gateway for the LAN machines?  Do the LAN machines have a static route for those subnets via another gateway?

            The pfSense server is the default gateway for the LAN.  There is no static route for the OpenVPN subnet, so the pfSense server should be handling all traffic from the LAN machines to the OpenVPN subnet.

              Cry Havok

              And as GruensFroeschli said, what about on the VPN - do the clients on the VPN know how to reach the LAN?

                rblecher

                @Cry:

                And as GruensFroeschli said, what about on the VPN - do the clients on the VPN know how to reach the LAN?

                I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of
                http://openvpn.net/index.php/open-source/documentation/howto.html#scope

                I can now access (ping) from other OpenVPN clients to machines in the LAN subnet, but I still can't access other OpenVPN clients (using their OpenVPN IPs) from LAN machines.  I tried setting up a static route and firewall rules in pfSense, but nothing seems to work.

                  Cry Havok

                  If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host.

                  Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)?  Do the OpenVPN clients have any software firewalls?  Is the unspecified service you're trying to access bound to the OpenVPN interface on the client?

                    rblecher

                    @Cry:

                    If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host.

                    **Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)?** Do the OpenVPN clients have any software firewalls?  Is the unspecified service you're trying to access bound to the OpenVPN interface on the client?

                    I had to add the rules to the LAN interface to allow traffic from the LAN net to the OpenVPN subnet.  Now it works. Thanks!

                    So to summarize, getting this to work required me to do the following:
                      1. I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of http://openvpn.net/index.php/open-source/documentation/howto.html#scope
                      2. Add a rule to the LAN interface to allow all traffic from the LAN net to the OpenVPN subnet.

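The two steps summarized in the final post, written out as configuration. This is an added example, not part of the original thread or of the OpenVPN HOWTO text; the subnets 192.168.10.0/24 (LAN) and 10.8.0.0/24 (tunnel), the common name pfsense-client and the directory name ccd are assumed placeholders.

```conf
# Constructed addressing for this example (not from the thread):
#   LAN behind pfSense        192.168.10.0/24
#   OpenVPN tunnel subnet     10.8.0.0/24
#   pfSense certificate CN    pfsense-client

# --- Step 1a: OpenVPN server, server.conf ---
dev tun
server 10.8.0.0 255.255.255.0
# Per-client option files, looked up by certificate common name
client-config-dir ccd
# Kernel route on the server: send the LAN subnet into the tunnel
route 192.168.10.0 255.255.255.0
# Allow traffic between VPN clients, and between them and the LAN
client-to-client
# Advertise the LAN subnet to the other connecting clients
push "route 192.168.10.0 255.255.255.0"

# --- Step 1b: OpenVPN server, file ccd/pfsense-client ---
# OpenVPN-internal route: the LAN subnet sits behind this client
iroute 192.168.10.0 255.255.255.0

# --- Step 2: pfSense, Firewall > Rules > LAN ---
# Traffic initiated from the LAN is evaluated here; without a
# matching pass rule it is blocked, which is why VPN -> LAN pings
# worked in the thread while LAN -> VPN connections did not.
#   Action:      Pass
#   Interface:   LAN
#   Protocol:    any
#   Source:      LAN net
#   Destination: Network 10.8.0.0/24
```

With `client-to-client` enabled, OpenVPN forwards traffic between clients inside the server process, so packet filters on the server host do not see it; filtering between the LAN and the other clients then rests on the pfSense LAN rule and the clients' own firewalls.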