OpenVPN, No Lan, Wan Fine

  • Hi Guys,

    First of all sorry if this has been asked; I had a look but to be honest I'm not 100% sure what I'm looking for and all I found referred to Win7.

    Some definitions-

    dev-laptop is the client for OpenVPN, and the box I'd like to connect via VPN
    pfsense is an instance installed on a virtual machine on my esxi box in a datacenter; static WAN address and lan set to the range below
    internal is the ip range for the lan and on which my servers sit (I have a public /29 but most of my stuff is nat'ed)
    external refers to websites and servers on the scary wide web

    So usually when I've set these things up in the past I have access to the internal network but nothing external- I can access servers on the lan but can't get out via the gateway. This time everything is opposite; I can get out to the world perfectly fine but there seems to be no access to internal servers.

    My VPN range is on, the vpn gateway is and the lan gateway on pfsense is  Following this I would assume, then, that the VPN range should have access to the other hosts as it is a part of but it seemingly doesn't. It can only get to the outside world.

    The firewall is set up to allow all requests on all ports and protocols on the internal range but I can't access them.

    As you can probably guess for a dev machine this is a bit annoying- whatever I've done would work perfectly were this setup to allow me to, say, avoid all the tedious GEO IP stuff regional websites put up but nothing else.

    Could anybody point me in the right direction?

    The ovpn bundle generated (Not sure it helps):

    dev tun
    proto udp
    cipher AES-256-CBC
    resolv-retry infinite
    remote x.x.x.x 1195
    tls-remote Zero Internet
    pkcs12 duck-udp-1195.p12

  • Would you be trying to VPN out of a local network that is also in the range?

    I avoided the 10. and 192.168. addresses for my tunnel network because it seemed to cause a lot of hassle if I was tunneling out of someone's home network.  I decided to use as this seemed unlikely to be used as an out-of-the-box home network.


  • @jspc

    You should first make clear which host is the OpenVPN SERVER and which is the OpenVPN CLIENT, and which networks you want to reach: the network(s) behind the SERVER or behind the CLIENT.

    If the networks behind the SERVER:
    then you have to push the routes from the networks behind the server to your client. Pushing routes will be configured on the SERVER.
    If you do not want to push the routes, you can add them in the CLIENT config.
    Both work, but I think the better solution is to push them from the SERVER to the client.
    The command on the SERVER is:

    push "route";

    If you like to connect to the network(s) behind the CLIENT:
    then you have to add the route of the network behind the CLIENT on the SERVER:


    AND you have to add an "iroute" command on the CLIENT for the network behind the client.
    But I am not 100% sure about the iroute command.
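
An added example, not part of the original thread: a Python check for the two causes raised in the replies above, a missing pushed route for the network behind the server and an address range that collides with the client's local network. The `server` line, every address and the function names are constructed for illustration, because the thread's own addresses are not shown.

```python
import ipaddress

# Constructed sample server config; these addresses are not from the thread.
SERVER_CONF = """\
dev tun
proto udp
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0";
push "route 172.16.50.0 255.255.255.0"
# push "route 10.99.0.0 255.255.0.0"
"""

def parse_networks(conf):
    """Return (tunnel_net, [pushed_nets]) from 'server' and 'push "route ..."' lines."""
    tunnel, pushed = None, []
    for line in conf.splitlines():
        if line.strip().startswith(("#", ";")):   # OpenVPN comment lines
            continue
        words = line.replace('"', " ").replace(";", " ").split()
        if len(words) >= 3 and words[0] == "server":
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
        elif len(words) >= 3 and words[:2] == ["push", "route"]:
            # OpenVPN treats a route with no netmask as a single host.
            mask = words[3] if len(words) > 3 else "255.255.255.255"
            pushed.append(ipaddress.ip_network(f"{words[2]}/{mask}", strict=False))
    return tunnel, pushed

def diagnose(conf, client_lan, target):
    """List reasons why `target`, a host behind the server, may be unreachable."""
    tunnel, pushed = parse_networks(conf)
    client_lan = ipaddress.ip_network(client_lan, strict=False)
    target = ipaddress.ip_address(target)
    findings = []
    if tunnel and tunnel.overlaps(client_lan):
        findings.append(f"tunnel network {tunnel} overlaps client LAN {client_lan}")
    covering = [net for net in pushed if target in net]
    if not covering:
        findings.append(f"no pushed route covers {target}")
    for net in covering:
        if net.overlaps(client_lan):
            findings.append(f"pushed route {net} overlaps client LAN {client_lan}; "
                            "routing to it is ambiguous")
    return findings

if __name__ == "__main__":
    for lan, host in [("192.168.1.0/24", "192.168.1.20"),
                      ("192.168.0.0/24", "10.20.30.40"),
                      ("192.168.0.0/24", "172.16.50.5")]:
        print(lan, host, diagnose(SERVER_CONF, lan, host) or "no conflict found")
```

An empty result only means the addressing and pushed routes are consistent; firewall rules on the OpenVPN interface still have to permit the traffic.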


