Netgate Discussion Forum

    No access from lan

    OpenVPN
    • Collingwood

      I have set up a client VPN and added "route 208.85.40.80 255.255.255.0 5.18.192.1;"

      The route was added to my routing table; when I tracerouted from the pfSense console or web interface, it correctly sent traffic out the 5.18.192.1 gateway.

      traceroute to 208.85.40.80 (208.85.40.80), 64 hops max, 40 byte packets
      1  5.18.192.1 (5.18.192.1)  167.806 ms  167.976 ms  168.025 ms
      2  209.144.203.65 (209.144.203.65)  168.778 ms  169.311 ms  169.194 ms
      3  comcast-net.lay.savvis.net (208.172.41.162)  171.222 ms  170.238 ms  170.947 ms
      4  pos-2-13-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.86.205)  180.531 ms  180.335 ms  180.069 ms
      5  68.86.87.146 (68.86.87.146)  181.419 ms  181.615 ms  181.563 ms
      6  as40428-1.529bryant.ca.ibone.comcast.net (75.149.229.170)  190.405 ms  191.221 ms  179.421 ms
      7  www.pandora.com (208.85.40.80)  178.692 ms  179.908 ms  179.058 ms

      The problem is when I try to traceroute from any of my internal subnets, I get the following:

      traceroute to 208.85.40.80 (208.85.40.80), 30 hops max, 60 byte packets
      1  172.22.22.1 (172.22.22.1)  0.178 ms  0.166 ms  1.808 ms
      2  * * *
      3  * * *
      4  * * *
      5  * * *
      6  * * *
      etc….....

      Any thoughts appreciated.

      • jimp Rebel Alliance Developer Netgate

        Enable manual outbound NAT and add a rule for WAN that covers the OpenVPN client networks/tunnel networks.

        • Collingwood

          Hi, still not working.

          Outbound NAT config:

          Interface WAN
          Protocol any
          Source 5.0.0.0/8 (VPN Subnet)
          Destination Any
          Translation Any

          Is this correct?
          Thanks

          • Collingwood

            Bump

            Still can't get this setup to work. I have been mucking around with the outbound NAT with no luck.
            Could someone elaborate further on how to set this up?

            Thanks

            lan 172.22.22.0/24
            openvpn 5.0.0.0/8

            • Collingwood

              All fixed. Neil from 12vpn helped me out:

              "The important thing is not to put the rule on the WAN interface, but on the OpenVPN interface instead.

              If the VPN client is connected when you go to the NAT->Outbound rules you'll have the option to select WAN, LAN and OpenVPN."

              BTW, source and destination can both be "any", as long as the interface is set to OpenVPN and the translation address is set to "Interface address".

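Why the WAN rule never matched and the OpenVPN rule did, as an added example that is not part of the original thread: it models outbound NAT being evaluated only on the interface a packet leaves through. The interface names, the LAN host, the WAN address and the client's tunnel address are constructed assumptions; the networks, route and gateway come from the posts.

```python
import ipaddress

# Constructed model of the thread's setup. Interface names, the WAN address and
# the tunnel address are assumptions; networks and the route are from the posts.
IFACE_ADDR = {"wan": "203.0.113.2", "ovpnc1": "5.18.192.10"}
ROUTES = [  # (destination network, egress interface)
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),
    # "route 208.85.40.80 255.255.255.0 5.18.192.1": host bits set, so strict=False
    (ipaddress.ip_network("208.85.40.80/255.255.255.0", strict=False), "ovpnc1"),
]

def egress_interface(dst):
    """Longest-prefix match over ROUTES."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_on_wire(src, dst, nat_rules):
    """Return (egress interface, source address after outbound NAT).

    A rule is (interface, source network or "any"). Only rules bound to the
    egress interface are considered; the first match rewrites the source to
    that interface's address ("Interface address" translation).
    """
    ifc = egress_interface(dst)
    for rule_ifc, rule_src in nat_rules:
        if rule_ifc != ifc:
            continue  # a rule on another interface never sees this packet
        if rule_src == "any" or ipaddress.ip_address(src) in ipaddress.ip_network(rule_src):
            return ifc, IFACE_ADDR[ifc]
    return ifc, src  # no rule matched: packet leaves with its LAN source

LAN_HOST, PANDORA = "172.22.22.50", "208.85.40.80"  # LAN host is constructed
WAN_RULE = [("wan", "5.0.0.0/8")]   # the attempt from the third post
OVPN_RULE = [("ovpnc1", "any")]     # the fix from the last post

if __name__ == "__main__":
    print("WAN rule: ", source_on_wire(LAN_HOST, PANDORA, WAN_RULE))
    print("OVPN rule:", source_on_wire(LAN_HOST, PANDORA, OVPN_RULE))
```

With the WAN rule the packet enters the tunnel still carrying its 172.22.22.0/24 source; with the OpenVPN rule it carries the tunnel address.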
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.