No traffic between OpenVPN client and network.



  • Hi, I am new to pfsense. I managed to set up an IPsec site-to-site tunnel through the pfsense web interface. Now I am trying to configure OpenVPN for remote users. I downloaded the OpenVPN client software and managed to connect it to the pfsense box from anywhere. When I connect to the VPN server, it is giving an IP 192.168.12.10, which I can see on the server's OpenVPN status as well, but I could neither ping this IP nor see it in ipconfig. I couldn't ping or browse the LAN. I am missing something, but don't know what it is. Please help me. Thanks.



  • You have to edit the firewall rule for your OpenVPN.
    You can first try with allow all:
    PASS * * * *

    If your network looks like this example:

    client --- VPN (192.168.12.0/24) --- pfsense --- 192.168.100.0/24

    Then there should be access after editing the firewall rule in OpenVPN.

    If you have different subnets behind your pfsense, then you have to enter:
    push "route x.x.x.x y.y.y.y"
    in advanced configuration of your pfsense OpenVPN Server.



  • Could you be more specific, please? I already created a rule to allow OpenVPN from any to any. I can connect, but when I do ipconfig /all on the client it is showing a self-assigned address (169.254.37.36) on the OpenVPN interface.
    My setup is: LAN-192.168.10.0/24; openvpn-192.168.12.0/24; pfsense local-192.168.10.100; pfsense wan-xxx.xxx.xxx.xxx
    Please tell me where and what exactly I should create the rule. It's been a week that I have been searching for it. I am missing some small issue, but couldn't figure out what it is.
    Thanks



  • Hi,

    The Network on which the remote user is connected to the internet must NOT be the same as the tunnel network or the network the pfsense uses. There must be three different networks.

    Sometimes pictures say more than 1000 words ;)
    In some cases my English isn't good enough to explain things like I would in my native language. But just let me know if you need some more help!










  • Thanks brother, I don't see any OpenVPN tab in my firewall rules. I can see LAN, WAN & IPsec only. I am getting 255.255.255.252 rather than 255.255.255.0 on the client PC when I did ipconfig /all. Could you please tell me what I am missing?
    Did you mean three private networks?



  • That you do not see any OpenVPN tab in firewall rules is curious. This tab appears when you have finished your OpenVPN server config. Do you use the actual pfsense snapshot? Perhaps there is a difference between 1.2.3 and 2.0. I am using 2.0.

    Whether you use private or non-private networks, it should work.
    I think there is something wrong with your server configuration because the OpenVPN tab in firewall rules doesn't appear.

    In "STATUS" -> "SERVICES" check if openvpn is running.

    I added my complete configuration of OpenVPN server so you can check the differences.




  • Can I run IPsec & OpenVPN, both processes, at the same time?



  • Hi, I came to know that I can run IPsec and OpenVPN at the same time, but I don't find a way to start the OpenVPN process. Thanks



  • A possibility could be, just for testing purposes, to disable and/or uninstall all IPsec configs and just try OpenVPN... but I don't think this will make much sense.

    Are you using the actual snapshot of pfsense 2.0?



  • I am using pfsense 1.2.3.
    Uninstalling IPsec makes no difference.



  • As noted in the pfsense docs:
    "Word of caution: You can have both IPSec and OpenVPN enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references a subnet you wish to use in OpenVPN must be disabled, but IPSec and OpenVPN do not conflict."

    Your Site-Site is using IPSec, so you will want to use IPSec for your remote clients or switch everything over to OpenVPN.

    Edit: To see/set rules for any OpenVPN tunnel, you need to add it as an interface, so you not seeing it is not unusual. What is your client's OpenVPN config? (remove public IPs/FQDNs)
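
Two points from the replies above can be checked before changing the server: that the remote user's network, the tunnel network and the LAN behind pfsense are three distinct networks, and what the `push "route ..."` line looks like for a given subnet. This is an added example, not part of the original thread and not pfsense tooling; the function names are hypothetical and the remote user's local network values are constructed.

```python
import ipaddress
from itertools import combinations


def find_overlaps(networks):
    """Return (label_a, label_b) for every pair of networks that overlap.

    networks maps a label to a CIDR string.
    """
    parsed = {name: ipaddress.ip_network(cidr, strict=False)
              for name, cidr in networks.items()}
    return [(a, b)
            for (a, net_a), (b, net_b) in combinations(parsed.items(), 2)
            if net_a.overlaps(net_b)]


def push_routes(subnets_behind_pfsense):
    """Build one push "route <network> <netmask>" line per subnet, in the
    form entered in the OpenVPN server's advanced configuration."""
    lines = []
    for cidr in subnets_behind_pfsense:
        net = ipaddress.ip_network(cidr, strict=False)
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return lines


# LAN and tunnel ranges are the ones posted in the thread; the remote
# user's local network is a constructed value (assumption).
THREAD_SETUP = {
    "pfsense LAN": "192.168.10.0/24",
    "OpenVPN tunnel": "192.168.12.0/24",
    "remote user's local network (constructed)": "192.168.1.0/24",
}

# Constructed failing case: the remote user's network falls inside the
# same range as the LAN behind pfsense, so the LAN is unreachable.
CLASHING_SETUP = dict(THREAD_SETUP)
CLASHING_SETUP["remote user's local network (constructed)"] = "192.168.10.0/25"

if __name__ == "__main__":
    for title, setup in (("thread setup", THREAD_SETUP),
                         ("clashing setup", CLASHING_SETUP)):
        clashes = find_overlaps(setup)
        print(title, "->", clashes or "three distinct networks")
    print("\n".join(push_routes(["192.168.10.0/24"])))
```

A subnet referenced by an IPsec tunnel can be added to the dictionary under its own label to check it against the OpenVPN ranges in the same way.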

