Can't ping LAN on Server side from OpenVPN Client



  • Hi,

    My problem is that I can't access my LAN from the OpenVPN client. I can only access my pfSense router.
    I use OpenVPN server in "Force all client generated traffic through the tunnel" mode and push the route to the LAN in advanced configuration.
    Even if I use the access Local Network checkbox, the problem is still the same.
    I think the problem is in the firewall settings or routing.
    Interfaces : 1 WAN  1 LAN    OPT1    OPT2
    PfSense also acts as a WiFi via OPT1

    OpenVPN Conf file :

    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 1.2.3.4
    tls-server
    server 192.168.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 192.168.1.0 255.255.255.0"
    push "dhcp-option DNS 192.168.1.1"
    push "dhcp-option NTP 1.2.3.4"
    push "redirect-gateway def1"
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
    push "route 192.168.1.0 255.255.255.0"

    PfSense version 2.0
    PfSense IP :192.168.1.1
    LAN NETWORK :192.168.1.100 - 200
    VPN NETWORK :192.168.2.0

    Please help me !!!



  • Did you add an allow rule on the OpenVPN page in the firewall rules?


  • Rebel Alliance Developer Netgate

    When you say you can access the pfSense firewall, which IP are you using? The OpenVPN IP? Or the LAN IP?

    If your client is missing the route (for example if it's a Windows Vista/7 client that did not run as Administrator) then it couldn't get to the LAN subnet.

    But if it can reach the LAN IP but not farther in, that would suggest that it gets blocked internally, or that the system you are trying to reach does not use the pfSense firewall as its default gateway.



  • @jimp:

    or that the system you are trying to reach does not use the pfSense firewall as its default gateway

    Thank you so much. Sometimes things are so simple that it is almost impossible to spot them. I was trying to connect to the LAN over my OpenVPN connection for hours and couldn't figure out what I did wrong as all routing tables were correct.
    I am currently in the process of changing my firewalls to pfSense and also configuring a new broadband connection. I completely forgot that all my servers were still configured with the old gateway IP.

    Thanks again.
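
The cause confirmed in this thread, modelled as an added example that is not part of any post above: a longest-prefix-match lookup on a LAN server's routing table shows where its replies to a VPN client (192.168.2.0/24) are sent. The old gateway address 192.168.1.254, the client address 192.168.2.6 and all function names are assumptions constructed for illustration.

```python
import ipaddress

PFSENSE_LAN_IP = "192.168.1.1"   # pfSense LAN address given in the thread
VPN_CLIENT = "192.168.2.6"       # constructed address inside the tunnel network

def next_hop(routes, dst):
    """Return the next hop a host picks for dst, or None if it has no route.

    routes is a list of (cidr, gateway); gateway None means directly connected.
    The most specific matching prefix wins, as in a real routing table.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def reply_reaches_tunnel(routes, vpn_client=VPN_CLIENT):
    """True only if replies to the VPN client are handed to pfSense."""
    return next_hop(routes, vpn_client) == PFSENSE_LAN_IP

# Constructed routing tables for one LAN server.
STALE = [                        # still pointing at the old gateway
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", "192.168.1.254"),
]
FIXED_DEFAULT = [                # default gateway changed to pfSense
    ("192.168.1.0/24", None),
    ("0.0.0.0/0", PFSENSE_LAN_IP),
]
FIXED_STATIC = [                 # old default kept, static route for the VPN net
    ("192.168.1.0/24", None),
    ("192.168.2.0/24", PFSENSE_LAN_IP),
    ("0.0.0.0/0", "192.168.1.254"),
]

if __name__ == "__main__":
    for name, table in [("stale", STALE), ("fixed default", FIXED_DEFAULT),
                        ("fixed static", FIXED_STATIC)]:
        print(f"{name:14} reply to {VPN_CLIENT} via {next_hop(table, VPN_CLIENT)}"
              f" -> tunnel reachable: {reply_reaches_tunnel(table)}")
```

With the stale table the request arrives through pfSense but the reply leaves via the old gateway, so the client sees a timeout even though every route on the VPN side is correct.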

