    Pfsense as OpenVPN client - routing from LAN to other OpenVPN clients [SOLVED]

      rblecher last edited by

      I have pfsense 1.2.3 set up as an OpenVPN client that connects to a remote OpenVPN server (to which other OpenVPN clients are also connected).  I can't figure out how to get machines on the LAN (behind pfsense) to reach any of the other OpenVPN clients.  In other words, I can access the other OpenVPN clients from the pfSense machine, but not from any machines on the LAN behind pfsense.  I've tried everything I could find on this board, but nothing has worked.

      How do I get my LAN to route connections to the OpenVPN subnet over the OpenVPN tunnel?

        Cry Havok last edited by

        Is the pfSense server the default gateway for the LAN machines?  Do the LAN machines have a static route for those subnets via another gateway?

          GruensFroeschli last edited by

          Also did you push the route for the LAN to the clients?

            rblecher last edited by

            @Cry:

            Is the pfSense server the default gateway for the LAN machines?  Do the LAN machines have a static route for those subnets via another gateway?

            The pfSense server is the default gateway for the LAN.  There is no static route for the OpenVPN subnet, so the pfSense server should be handling all traffic from the LAN machines to the OpenVPN subnet.

              Cry Havok last edited by

              And as GruensFroeschli said, what about on the VPN - do the clients on the VPN know how to reach the LAN?

                rblecher last edited by

                @Cry:

                And as GruensFroeschli said, what about on the VPN - do the clients on the VPN know how to reach the LAN?

                I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of
                http://openvpn.net/index.php/open-source/documentation/howto.html#scope

                I can now access (ping) from other OpenVPN clients to machines in the LAN subnet, but I still can't access other OpenVPN clients (using their OpenVPN IPs) from LAN machines.  I tried setting up a static route and firewall rules in pfSense, but nothing seems to work.

                  Cry Havok last edited by

                  If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host.

                  Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)?  Do the OpenVPN clients have any software firewalls?  Is the unspecified service you're trying to access bound to the OpenVPN interface on the client?

                    rblecher last edited by

                    @Cry:

                    If you can ping from the OpenVPN client to the LAN then routing is working.  Anything else comes down to firewall rules, either on the clients or on the pfSense host.

                    **Do you have rules on the LAN interface allowing communication to the OpenVPN subnet (remember, the default is block)?** Do the OpenVPN clients have any software firewalls?  Is the unspecified service you're trying to access bound to the OpenVPN interface on the client?

                    I had to add the rules to the LAN interface to allow traffic from the LAN net to the OpenVPN subnet.  Now it works. Thanks!

                    So to summarize, getting this to work required me to do the following:
                      1. I followed the steps in the section "Including multiple machines on the client side when using a routed VPN (dev tun)" of http://openvpn.net/index.php/open-source/documentation/howto.html#scope
                      2. Add a rule to the LAN interface to allow all traffic from the LAN net to the OpenVPN subnet.

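The two steps summarized in the post above, written out as an added example that is not part of the original thread. The server-side directives are the ones used in the OpenVPN HOWTO section the poster cites; the subnets (192.168.4.0/24 for the LAN behind pfSense, 10.8.0.0/24 for the tunnel) and the client common name `pfsense-client` are assumptions chosen for illustration.

```conf
# --- OpenVPN server: server.conf (added example; subnets are constructed) ---
# Tunnel network handed out to VPN clients.
server 10.8.0.0 255.255.255.0

# Per-client settings are read from ccd/<certificate common name>.
client-config-dir ccd

# Kernel route on the server host: send the pfSense LAN into the tunnel.
route 192.168.4.0 255.255.255.0

# Let VPN clients exchange traffic with each other and tell them the
# pfSense LAN is reachable through the VPN.
# Note: with client-to-client, packets between clients are forwarded inside
# the OpenVPN process and never pass the server host's own firewall.
client-to-client
push "route 192.168.4.0 255.255.255.0"

# --- OpenVPN server: ccd/pfsense-client (hypothetical common name) ---
# Internal OpenVPN route: the 192.168.4.0/24 LAN sits behind this client.
iroute 192.168.4.0 255.255.255.0

# --- pfSense: Firewall > Rules > LAN (entered in the GUI, shown as comments) ---
# Action:      Pass
# Interface:   LAN
# Source:      LAN subnet            (192.168.4.0/24 here)
# Destination: Network 10.8.0.0/24   (the OpenVPN tunnel subnet)
# Protocol:    any, as in the post; narrow to the protocols and ports
#              actually needed if the VPN peers are not fully trusted.
```

The `ccd/` file name must match the common name in the pfSense client's certificate, and the server must not use `duplicate-cn`, otherwise the `iroute` is never applied to that client.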