Internal network <- OVPN Server <- pfSense as client <- XP machine



  • Hello everybody,
    I am using pfSense with newest firmware as an OpenVPN client and want do access the internal network from an xp machine.

    Consider the following setup:
    Windows server with shares (IP: 192.168.0.100)
    OpenVPN server (IP: 192.168.0.41, 192.168.2.1 -> 192.168.2.2)
    pfSense (WAN 192.168.8.103, GW 192.168.8.1)
    pfSense (LAN 192.168.1.1)
    pfSense (OpenVPN 192.168.2.6 -> 192.168.2.5)
    XP machine connected to pfSense LAN 192.168.1.102

    With the OpenVPN application on the xp machine, it is no problem to connect to the server and reach the internal windows server (192.168.0.100) where the application assigns 192.168.2.6 to the virtual interface. Ping to 192.168.0.100 is possible.

    If I use the pfSense as client, it connects to the server 192.168.0.41 and everything seems to be ok. The pfSense can reach the windows server 192.168.0.100 via ping.

    If I now want to reach the windows server shares from an attached client (attached on the LAN port with IP 192.168.1.102) this is not possible. I can not even ping the windows server but the VPN server is reachable via ssh and ping.
    The VPN server can reach the attached client (attached on the LAN port of the pfSense) via ping without problems.
    This means one way works but the other way does not work:
    192.168.0.41  -> 192.168.1.102 OK
    192.168.1.102 -> 192.168.0.41  OK
    192.168.1.102 -> 192.168.0.100  FAILED
    192.168.1.1    -> 192.168.0.100  OK

    The output of a tracert command from the XP machine is:
    tracert 192.168.0.100

    192.168.1.1 -> 192.168.2.1 and then further hops fail with *

    All firewall settings are set to let the traffic through.

    Any suggestions what the problem is? Is this a routing problem?

    I am looking forward to hear from you ;)

    Best regards,

    ptec



  • solved, it was a routing problem on the windos server
    just added a route to the 192.168.9.0 network and now it works fine


Log in to reply