    Netgate Discussion Forum

    I can't contact roadwarriors from the WAN interface

    OpenVPN
    • A
      Aierk last edited by

      Hi all:
      I'm a new user of pfSense (great product, by the way) and I'm installing a VPN server for roadwarriors. This is the network diagram:

      Internet              Work LAN (exposed networks,10.10.0.0,10.10.8.0,10.10.1.0,10.10.0.3,etc /24)
      |                            |
      ------------------- WAN -- PFSENSE(VPN server) --- tun0 --- ROADWARRIORS (10.10.6.0/24)
                                (Internet ip)               
                                                                ---------------- LAN (captive portal) 10.10.5.0/24

      So all works fine:
      Ping and connections from roadwarriors to WORK LAN  ..... OK
      Ping and connections from roadwarriors to LAN ............... OK
      Ping and connections from roadwarriors to VPN Server....... OK

      Ping and connections from VPN server to RoadWarriors ...... OK
      Ping and connections from WORK LAN to RoadWarriors ...... FAIL
      Ping and connections from LAN to RoadWarriors ...... FAIL

      I don't really know why I can't ping from the work LAN to a VPN subnet; traceroute 10.10.6.x from the Work LAN only reaches the VPN server (WAN IP).
      I have the rule "any to any" on WAN, LAN and OPT1 (tun0). Without assigning OPT1 it's the same problem.

      Any ideas?

      Thanks for your time.

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        It's not immediately clear in that diagram… Is the same pfSense box your WAN and VPN server? Or is that two separate router boxes?

        Are you sure you are pinging the right address for the roadwarrior client?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • A
          Aierk last edited by

          @jimp:

          It's not immediately clear in that diagram… Is the same pfSense box your WAN and VPN server? Or is that two separate router boxes?

          Are you sure you are pinging the right address for the roadwarrior client?

          First of all, thank you for answering me.

          I hope this explains the diagram better.

          Let's see. The pfSense box has a WAN interface and a LAN interface. The WAN interface connects the pfSense box to the internet and to the "Work LAN". The LAN interface of pfSense connects to a wireless LAN with a captive portal. The roadwarriors connect to the VPN server through the IP address of the WAN interface.

          In the WORKLAN I have this route:

          route add -net 10.10.6.0/24 gw <pfsense wan ip>

          but i can't connect (or ping) from the "work lan" to the vpn clients. (there's no firewall between the WorkLan and the Wan interface of the pfSense server)

          Cheers and thanks.

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            You do not need that route added. If OpenVPN is running on that pfSense box, it knows the route internally and it would not be via the WAN IP. Remove the static route and it may work.

            • K
              kpa last edited by

              Since you have private addresses on WAN side it's worth checking if you have "block private networks" turned on at Interfaces->WAN, turn it off if it's on.

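The two checks raised in the replies above, modelled as an added example that is not part of the thread or of pfSense itself: where a work LAN host sends traffic for 10.10.6.0/24, and whether the WAN option "block private networks" drops it before the "any to any" rule is reached. The host, gateway and pfSense WAN addresses are constructed values, the work LAN host is assumed to use a default gateway other than pfSense, and the blocked range list is an assumption (RFC 1918 plus loopback).

```python
import ipaddress

# IPv4 ranges treated as "private" by the WAN option kpa mentions.
# Assumption: RFC 1918 plus loopback; check the option text on your version.
BLOCKED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if no match."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def wan_ingress(src, block_private):
    """Verdict for a packet arriving on WAN, before user rules are evaluated."""
    if block_private and any(ipaddress.ip_address(src) in n for n in BLOCKED):
        return "dropped: block private networks"
    return "passed to user rules (any to any)"

def trace(routes, src, dst, pfsense_wan, block_private):
    """Follow one packet from a work LAN host toward a VPN client."""
    hop = next_hop(routes, dst)
    if hop is None:
        return "no route on sending host"
    if hop != pfsense_wan:
        return f"forwarded to {hop}, not to pfSense"
    return wan_ingress(src, block_private)

# Constructed sample values (not from the thread): host and gateway addresses.
HOST, DEFAULT_GW, PFSENSE_WAN = "10.10.0.20", "10.10.0.1", "10.10.0.254"
CLIENT = "10.10.6.10"  # an address inside the thread's 10.10.6.0/24 network
BASE = [("0.0.0.0/0", DEFAULT_GW)]
WITH_ROUTE = BASE + [("10.10.6.0/24", PFSENSE_WAN)]

if __name__ == "__main__":
    print(trace(BASE, HOST, CLIENT, PFSENSE_WAN, True))
    print(trace(WITH_ROUTE, HOST, CLIENT, PFSENSE_WAN, True))
    print(trace(WITH_ROUTE, HOST, CLIENT, PFSENSE_WAN, False))
```

On a live system the same questions are answered by the sending host's routing table and the firewall log on the WAN interface.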
              • A
                Aierk last edited by

                Thanks everyone.

                I tried again on a fresh install with a different scenario. It still does not function as I want. I also used the same configuration file generated by pfSense for the OpenVPN server on a machine with CentOS Linux and got the same result.

                I will spend time reading the documentation for OpenVPN again.

                Greetings and thanks again for responding.
