Netgate Discussion Forum

    OpenVPN connection NO access to LAN network

      koko_dim

      Hi guys, I have read almost all of the threads in the forum but still can't get where I'm making a mistake with the setup of the VPN connection…
      I have a deadline to meet and I was wondering if anyone could help me out.

      The setup I have is a pfSense box; connected to the LAN port is an Ubuntu server. The WAN port is connected straight to the internet.

      I have tried the RoadWarrior example and I get a connection through the VPN and can access the pfSense webConfigurator.
      But when I try to SSH to the server on the LAN I get a message that tells me that the host is unreachable.

      My LAN IP is the default 192.168.1.1
      I have given the server a static IP which is 192.168.1.2
      My WAN IP is static and I entered 2 DNS servers provided from my internet provider.

      My VPN configuration is as follows:
      WAN, UDP, 1194, TLS checked, TLS key checked,
      Tunnel Network:  192.168.200.0/24
      Local Network: 192.168.1.0/24
      Concurrent Connections: 2
      LZO checked
      And takes on default settings after that point!

      Please tell me what I have to do from this point on, so that I can SSH the server from a VPN client on another network.

      Thanks in advance!

        heper

        from remote:
        are you able to ping 192.168.200.1 ?
        are you sure the firewall rules on the pfsense don't block ?
        are you able to ping 192.168.1.1 but not 192.168.1.2 ?

        on ubuntu:
        did you set the gateway to 192.168.0.1 when setting the static ip of 192.168.0.2 ? Without the pfsense set as default gateway on the ubuntu, routing will fail.
        to check, log in as root and type 'route' … it should output all configured routes. the "default" one should point to the pfsense

        kind regards

          koko_dim

          thank you for the reply!

          from remote:

          I am able to ping 192.168.200.1 but not 192.168.200.2. When I ssh 192.168.200.1 I get my pfsense. When I try to ssh 192.168.200.2 I get host is unreachable.

          I have the default firewall rules created by the OpenVPN wizard. The outbound NAT rules are set to auto. Do I need to modify the Firewall or NAT in some way?

          on ubuntu:

          the default gateway is pfsense. the output of 'route' is:

          Kernel IP routing table
          Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
          default         pfSense.localdo 0.0.0.0         UG    100    0        0 eth0
          link-local      *               255.255.0.0     U     1000   0        0 eth0
          172.16.22.0     *               255.255.255.0   U     0      0        0 vmnet8
          172.16.135.0    *               255.255.255.0   U     0      0        0 vmnet1
          192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

          Do I need to make any adjustments to the routing table?

          thanks again!!

            heper

            as far as i know you don't need to change any NAT rules …. perhaps you should check your firewall rules.

            could you post some screenshots of openvpn/firewall/nat/routing table ?

            also find out what's in the routing table of the roadwarrior
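
An added example, not part of any post in this thread: the check heper describes (the server's "default" route must point at pfSense so replies to VPN clients find their way back) can be done mechanically with a longest-prefix match over the `route` output. The sample table reproduces the one quoted above; the client address 192.168.200.6 and the function names are assumptions made for illustration.

```python
import ipaddress

# Sample input: the `route` output quoted in the thread, columns re-aligned.
# `route` truncates the gateway's hostname; `route -n` prints numeric addresses.
SAMPLE_ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         pfSense.localdo 0.0.0.0         UG    100    0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
172.16.22.0     *               255.255.255.0   U     0      0        0 vmnet8
172.16.135.0    *               255.255.255.0   U     0      0        0 vmnet1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
"""

# Names that `route` prints in place of numeric destinations.
ALIASES = {"default": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_routes(text):
    """Return a list of (network, gateway, iface) tuples from `route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns; skip the title line and the header row.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, iface = fields[0], fields[1], fields[2], fields[7]
        network = ipaddress.ip_network(f"{ALIASES.get(dest, dest)}/{genmask}")
        # "*" (or 0.0.0.0 with -n) means directly connected: no gateway.
        direct = gateway in ("*", "0.0.0.0")
        routes.append((network, None if direct else gateway, iface))
    return routes


def lookup(routes, address):
    """Longest-prefix match, as the kernel does for an outgoing packet."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTE_OUTPUT)
    # 192.168.200.6 is a constructed client address inside the tunnel network.
    for target in ("192.168.200.6", "192.168.1.1"):
        net, gw, iface = lookup(table, target)
        print(f"{target}: via {gw or 'direct'} on {iface} ({net})")
```

With this table, a reply to an address in the 192.168.200.0/24 tunnel network has no specific route and leaves through the default gateway on eth0, while 192.168.1.1 is reached directly on the LAN.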
