I can't contact roadwarriors from the WAN interface



  • Hi all:
    I'm a new user of pfSense (great product, by the way) and I'm installing a VPN server for roadwarriors. This is the network diagram:

    Internet              Work LAN (exposed networks,10.10.0.0,10.10.8.0,10.10.1.0,10.10.0.3,etc /24)
    |                            |
    ------------------- WAN -- PFSENSE(VPN server) --- tun0 --- ROADWARRIORS (10.10.6.0/24)
                              (Internet ip)               
                                                              ---------------- LAN (captive portal) 10.10.5.0/24

    So all works fine:
    Ping and connections from roadwarriors to WORK LAN  ..... OK
    Ping and connections from roadwarriors to LAN ............... OK
    Ping and connections from roadwarriors to VPN Server....... OK

    Ping and connections from VPN server to RoadWarriors ...... OK
    Ping and connections from WORK LAN to RoadWarriors ...... FAIL
    Ping and connections from LAN to RoadWarriors ...... FAIL

    I don't really know why I can't ping from the Work LAN to a VPN subnet; traceroute 10.10.6.x from the Work LAN only reaches the VPN server (WAN IP).
    I have the rule "any to any" on WAN, LAN and OPT1 (tun0). Without assigning OPT1 it's the same problem.

    Any ideas?

    Thanks for your time.


  • Rebel Alliance Developer Netgate

    It's not immediately clear in that diagram… Is the same pfSense box your WAN and VPN server? Or is that two separate router boxes?

    Are you sure you are pinging the right address for the roadwarrior client?



  • @jimp:

    It's not immediately clear in that diagram… Is the same pfSense box your WAN and VPN server? Or is that two separate router boxes?

    Are you sure you are pinging the right address for the roadwarrior client?

    First of all, thank you for answering me.

    I hope this explains the diagram better.

    Let's see. The pfSense box has a WAN interface and a LAN interface. The WAN interface connects the pfSense box to the Internet and to the "Work LAN". The LAN interface of pfSense connects to a wireless LAN with a captive portal. The roadwarriors connect to the VPN server through the IP address of the WAN interface.

    In the Work LAN I have this route:

    route add -net 10.10.6.0/24 gw <pfsense wan ip>

    but I can't connect (or ping) from the "Work LAN" to the VPN clients. (There's no firewall between the Work LAN and the WAN interface of the pfSense server.)

    Cheers and thanks.


  • Rebel Alliance Developer Netgate

    You do not need that route added. If OpenVPN is running on that pfSense box, it knows the route internally and it would not be via the WAN IP. Remove the static route and it may work.



  • Since you have private addresses on WAN side it's worth checking if you have "block private networks" turned on at Interfaces->WAN, turn it off if it's on.



  • Thanks everyone.

    I tried again on a fresh install with a different scenario. It still does not function as I want. I also used the same configuration file generated by pfSense for the OpenVPN server on a machine with CentOS Linux and got the same result.

    I will spend time reading the documentation for OpenVPN again.

    Greetings and thanks again for responding.

