4. Can't ping LAN on Server side from OpenVPN Client

Can't ping LAN on Server side from OpenVPN Client

  • O

    Hi,

    My problem is that i can't access to my LAN from the OpenVPN client. I can only access my pfsense router.
    I use OpenVPN server in "Force all client generated traffic through the tunnel" mode and push the route to the LAN in advanced configuration.
    Even if i use access Local Network checkbox, the problem is still same.
    I think the problem is in Firewall settings or routing
    Interfaces : 1 WAN  1 LAN    OPT1    OPT2
    PfSense act also as a WiFi via OPT1

    OpenVPN Conf file :

    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 1.2.3.4
    tls-server
    server 192.168.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 192.168.1.0 255.255.255.0"
    push "dhcp-option DNS 192.168.1.1"
    push "dhcp-option NTP 1.2.3.4"
    push "redirect-gateway def1"
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
    push "route 192.168.1.0 255.255.255.0"

    PfSense version 2.0
    PfSense IP :192.168.1.1
    LAN NETWORK :192.168.1.100 - 200
    VPN NETWORK :192.168.2.0

    Please help me !!!

    0
  • D

    Did you add allow rule in OpenVpn page in firewall rules?

    0
  • Rebel Alliance Developer Netgate

    When you say you can access the pfSense firewall, which IP are you using? The OpenVPN IP? Or the LAN IP?

    If your client is missing the route (for example if it's a Windows Vista/7 client that did not run as Administrator) then it couldn't get to the LAN subnet.

    But if it can reach the LAN IP but not farther in, that would suggest that it gets blocked internally, or that the system you are trying to reach does not use the pfSense firewall as its default gateway.

    0
  • E

    @jimp:

    or that the system you are trying to reach does not use the pfSense firewall as its default gateway

    Thank you so much. Sometimes things are so simple that it is almost impossible to spot them. I was trying to connect to the LAN over my OpenVPN connection for hours and couldn't figure out what I did wrong as all routing tables where correct.
    I am currently in the process of changing my firewalls to pfsense and also configure an new broadband connection. I completely forget that all my servers were still configured with the old gateway ip.

    Thanks again.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy