New install, same settings as old box.. not working



  • I have just installed a fresh 2.0-RELEASE. Created the OpenVPN certificates and everything the same as I did before. I can connect to the VPN and remotely control my pfSense box via WebConfigurator, but I am unable to connect to any of my servers or routers that are on the LAN interface.

    Box has 2 NICs: WAN and LAN.

    LAN IP is 10.0.0.99.
    WAN IP is 189.53.100.10

    In the OpenVPN server settings it has assigned an IP of 10.0.8.0/24 and the Local Network IP range is my LAN: 10.0.0.0/18. Once I connect to the OpenVPN server from my laptop at home, I can get to 10.0.0.99 but I am unable to get to any of my other machines on the same network, such as 10.0.0.6 or 10.0.0.25.

    This worked in my previous install (previous install LAN was 192.168.5.0/24). How have I got it wrong this time?



  • Subnetting 101… your tunnel network 10.0.8.0/24 falls inside of your 10.0.0.0/18 LAN scope and is messing with your routing.

    Change your OpenVPN tunnel network to something outside of your LAN scope (or vice versa). Personally, I would keep it simple and change your LAN to 10.0.0.0/24 or 192.168.50.0/24, etc... there are thousands of combinations, just make sure it's NOT on the same network as your tunnel.

    Why the /18 mask anyway?  Do you REALLY need 16,000+ LAN IPs?  LOL!



  • I have already changed the tunnel network to 192.168.0.0/24 and still have the same issue.

    I will be needing around 8000 IPs hopefully soon, so I am just setting it up now for the future basically.

    Why? Is there a problem with having a /18 netmask?


  • LAYER 8 Global Moderator

    Are you going to subnet that out downstream or something - yeah I could see quite a few problems with putting 8000 some clients on the same broadcast domain ;)  BTW /18 is what 16382 hosts – quite a bit more than 8000.

    And to be honest 192.168.0.0/24 would be a really bad choice for your tunnel network, since 192.168.0.0/24 is a VERY common IP range, so you're probably going to conflict with the remote network's local LAN space.
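
The overlap checks raised in the replies above, as an added example that is not part of the original thread: it tests a proposed tunnel network against the LAN and against typical client-side LANs, and picks a free /24. It goes slightly beyond the thread by also checking the pushed LAN route against client LANs. The `COMMON_CLIENT_LANS` list, the function names and the search pool are assumptions made for illustration.

```python
import ipaddress

# Assumption: address ranges often found on home routers (illustrative, not exhaustive).
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]


def usable_hosts(cidr):
    """Usable host addresses in a network (network and broadcast excluded)."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def check_tunnel(lan, tunnel, client_lans=COMMON_CLIENT_LANS):
    """Return a list of routing conflicts for a proposed OpenVPN tunnel network."""
    lan_net = ipaddress.ip_network(lan)
    tun_net = ipaddress.ip_network(tunnel)
    problems = []
    # Tunnel inside (or overlapping) the LAN: the firewall sees two routes
    # for the same addresses.
    if tun_net.overlaps(lan_net):
        problems.append(f"tunnel {tun_net} overlaps LAN {lan_net}")
    for cidr in client_lans:
        client_net = ipaddress.ip_network(cidr)
        # Tunnel equal to the client's own LAN: the client cannot tell
        # local hosts from VPN peers.
        if tun_net.overlaps(client_net):
            problems.append(f"tunnel {tun_net} overlaps client LAN {client_net}")
        # Pushed LAN route colliding with the client's own LAN: traffic for
        # those addresses stays on the client's local network.
        if lan_net.overlaps(client_net):
            problems.append(f"LAN {lan_net} overlaps client LAN {client_net}")
    return problems


def suggest_tunnel(lan, pool="10.0.0.0/8", client_lans=COMMON_CLIENT_LANS):
    """First /24 in pool that overlaps neither the LAN nor a listed client LAN."""
    taken = [ipaddress.ip_network(lan)]
    taken += [ipaddress.ip_network(c) for c in client_lans]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not any(cand.overlaps(net) for net in taken):
            return str(cand)
    return None


if __name__ == "__main__":
    # Values taken from the thread.
    print(usable_hosts("10.0.0.0/18"))
    for tunnel in ("10.0.8.0/24", "192.168.0.0/24"):
        print(tunnel, check_tunnel("10.0.0.0/18", tunnel))
    print(suggest_tunnel("10.0.0.0/18"))
```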

