OpenVPN connection works, but how do I reach it from this workstation?



  • Hey, I am trying to get a VPN working to reach my home server at work. My home server is a simple Ubuntu server, and the firewall at my work is pfSense 2.0.1.

    The OpenVPN connection itself seems to be doing great; it shows as up in Status>OpenVPN with 'Virtual Addr' 10.8.0.6 and my home IP in 'Remote Host'. No errors on either side of the connection.

    At VPN>OpenVPN>client the client is configured with empty fields for 'Tunnel Network' and 'Remote Network'.

    Diagnostics>Routes shows a table containing the following among everything else:

    Destination     Gateway     Flags   Refs    Use     Mtu     Netif   Expire
    10.8.0.1/32     10.8.0.5    UGS     0       1395    1500    ovpnc1
    10.8.0.5        link#8      UH      0       0       1500    ovpnc1
    10.8.0.6        link#8      UHS     0       0       16384   lo0

    The thing is: I don't know what to do next to be able to reach my home server from a workstation at work. My home server is running a webserver so I expect to be able to just enter '10.8.0.1' in my browser, but it is unreachable.

    I thought all I had to do was to assign a new Interface to the OpenVPN, and set 10.8.0.1 as a gateway for it, but this does not work. The gateway does show up as Online in Status>Gateways.


  • Rebel Alliance Developer Netgate

    You probably don't have a route on the client such that it can reach 10.8.0.1. It would only automatically get a route to reach the "local subnet" you push in the settings, if you have that set, then just access it via the LAN IP instead of the OpenVPN IP. Or you can push a route to the client for 10.8.0.0/24.



  • The LAN IP, 10.8.0.6, brings me to the pfSense web interface.

    Adding route 10.8.0.0 255.255.255.0 to the Advanced Configuration field of the client only makes me unable to open 10.8.0.6.

    I have an interface MYVPN set to type=none. At the front page it shows this interface is assigned 10.8.0.6.



  • Let's back up and clarify what you're doing... Your first sentence sounds like you're doing a simple road warrior setup to access your home server, but then go on to some site to site settings, so things are unclear.

    Give us a network map and some explicit details on what you're trying to accomplish.



  • Sorry, here is some more information;

    There is an existing pfSense at my work which has a working connection to an OpenVPN server (not at my home). I am trying to replicate this configuration to a test environment of my own, using my home server and a newer version of pfSense.

    This is how the VPN is configured on the old firewall (pfSense 1.2.3):

    | Interface | Client | Routing Table | Interface list |

    On the new firewall (pfSense 2.0.1)

    | Interface | Client | Routing Table | Misc Info |

    The network plan for the test environment. The old environment is basically the same, and completely separate from the other.

    What I am trying to achieve is to reach 10.8.0.1 directly from my workstation/laptop. I am able to do this in the old environment, but not in the test environment.



  • Solved!

    • Set rule generation to Manual in Firewall > NAT > Outbound
    • Create rule (Interface: MYVPN, Protocol: any, Source: Network 10.0.0.0/24, Destination: Network 10.8.0.1/32)

    When I type 10.8.0.1 in my laptop's browser, I now see a webpage running on my home server, which was my goal. Thanks for the replies!
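
The return-path reasoning behind the outbound NAT rule in the post above, as an added example that is not part of the thread. The firewall routes, tunnel address and NAT rule come from the posts; the home server's routing table, the `tun0`/`eth0` names, the workstation address 10.0.0.50 and translation to the interface address are assumptions.

```python
import ipaddress

# Firewall routes from the Diagnostics > Routes excerpt (host routes written as /32).
FIREWALL_ROUTES = [("10.8.0.1/32", "ovpnc1"), ("10.8.0.5/32", "ovpnc1"),
                   ("10.8.0.6/32", "lo0")]
# ASSUMPTION (constructed): the home server's table is never shown. Modelled as
# tunnel subnet via tun0, everything else via its own default gateway on eth0.
SERVER_ROUTES = [("10.8.0.0/24", "tun0"), ("0.0.0.0/0", "eth0")]
TUNNEL_ADDR = "10.8.0.6"  # pfSense 'Virtual Addr' from the thread
# The rule from the "Solved!" post; translating to the interface address is assumed.
NAT_RULE = {"iface": "ovpnc1", "src": "10.0.0.0/24", "dst": "10.8.0.1/32"}


def lookup(routes, dst):
    """Longest-prefix match: return the egress interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rule_matches(rule, iface, src, dst):
    """True if a packet leaving on iface falls under the outbound NAT rule."""
    return (iface == rule["iface"]
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))


def trace(src, dst, nat_rule=None):
    """Follow a request through the firewall and the reply back from the server."""
    out_if = lookup(FIREWALL_ROUTES, dst)
    if out_if is None:
        return {"forward": None, "seen_src": None, "reply_via": None, "ok": False}
    natted = nat_rule is not None and rule_matches(nat_rule, out_if, src, dst)
    seen_src = TUNNEL_ADDR if natted else src
    reply_via = lookup(SERVER_ROUTES, seen_src)
    # The reply only gets back if the server sends it into the tunnel.
    return {"forward": out_if, "seen_src": seen_src,
            "reply_via": reply_via, "ok": reply_via == "tun0"}


if __name__ == "__main__":
    workstation = "10.0.0.50"  # constructed address inside 10.0.0.0/24
    print("no NAT  :", trace(workstation, "10.8.0.1"))
    print("with NAT:", trace(workstation, "10.8.0.1", NAT_RULE))
```

Under these assumptions the request reaches the server either way; only with the NAT rule does the server see a source address it routes back into the tunnel.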

