Netgate Discussion Forum
    Can't ping LAN on Server side from OpenVPN Client

    • OmAr786

      Hi,

      My problem is that I can't access my LAN from the OpenVPN client. I can only access my pfSense router.
      I use the OpenVPN server in "Force all client generated traffic through the tunnel" mode and push the route to the LAN in the advanced configuration.
      Even if I use the access Local Network checkbox, the problem is still the same.
      I think the problem is in the firewall settings or routing.
      Interfaces : 1 WAN  1 LAN    OPT1    OPT2
      pfSense also acts as a WiFi via OPT1

      OpenVPN Conf file :

      dev ovpns1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 1.2.3.4
      tls-server
      server 192.168.2.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify /var/etc/openvpn/server1.php via-env
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 5
      push "route 192.168.1.0 255.255.255.0"
      push "dhcp-option DNS 192.168.1.1"
      push "dhcp-option NTP 1.2.3.4"
      push "redirect-gateway def1"
      client-to-client
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.1024
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo
      persist-remote-ip
      float
      push "route 192.168.1.0 255.255.255.0"

      PfSense version 2.0
      PfSense IP :192.168.1.1
      LAN NETWORK :192.168.1.100 - 200
      VPN NETWORK :192.168.2.0

      Please help me !!!

      • damascene

        Did you add an allow rule on the OpenVPN page in the firewall rules?

        Connect to our open source http://www.qurancomplex.org/Quran/Targama/Targama.asp

        • jimp Rebel Alliance Developer Netgate

          When you say you can access the pfSense firewall, which IP are you using? The OpenVPN IP? Or the LAN IP?

          If your client is missing the route (for example if it's a Windows Vista/7 client that did not run as Administrator) then it couldn't get to the LAN subnet.

          But if it can reach the LAN IP but not farther in, that would suggest that it gets blocked internally, or that the system you are trying to reach does not use the pfSense firewall as its default gateway.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • exec

            @jimp:

            or that the system you are trying to reach does not use the pfSense firewall as its default gateway

            Thank you so much. Sometimes things are so simple that it is almost impossible to spot them. I was trying to connect to the LAN over my OpenVPN connection for hours and couldn't figure out what I did wrong, as all routing tables were correct.
            I am currently in the process of changing my firewalls to pfSense and also configuring a new broadband connection. I completely forgot that all my servers were still configured with the old gateway IP.

            Thanks again.

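The return-path check behind jimp's reply, as an added example that is not part of the original thread: it reads a LAN host's `ip -4 route show` output and reports which next hop replies to the tunnel subnet (192.168.2.0/24) will use. The routing tables, the old gateway address 192.168.1.254 and the function names are constructed for illustration; the static-route case goes beyond the thread as an alternative to changing the default gateway.

```python
import ipaddress

# Constructed `ip -4 route show` output from hypothetical LAN servers.
STALE_GW = """\
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.150
"""
FIXED_GW = STALE_GW.replace("192.168.1.254", "192.168.1.1")
# Old default gateway kept, but a static route sends tunnel traffic to pfSense.
STATIC_ROUTE = STALE_GW + "192.168.2.0/24 via 192.168.1.1 dev eth0\n"


def parse_routes(text):
    """Return [(network, next_hop or None)] parsed from `ip -4 route show` lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types not modelled here, e.g. "unreachable ..."
        hop = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, hop))
    return routes


def reply_next_hop(routes, tunnel_net):
    """Longest-prefix match covering the whole tunnel subnet.

    Returns the gateway address, or None for on-link or no matching route.
    Routes narrower than the tunnel subnet are ignored in this sketch.
    """
    target = ipaddress.ip_network(tunnel_net)
    matches = [(n, h) for n, h in routes if target.subnet_of(n)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_return_path(route_text, tunnel_net="192.168.2.0/24", firewall="192.168.1.1"):
    """Return (ok, next_hop): ok is True when replies go back via the firewall."""
    hop = reply_next_hop(parse_routes(route_text), tunnel_net)
    return hop == firewall, hop


if __name__ == "__main__":
    for name, table in [("stale", STALE_GW), ("fixed", FIXED_GW), ("static", STATIC_ROUTE)]:
        print(name, check_return_path(table))
```

A host reporting `(False, ...)` receives packets from VPN clients but sends its replies to a gateway that has no route back into the tunnel, which matches the symptom in the thread.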
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.