Netgate Discussion Forum

OpenVPN connection NO access to LAN network

  • K
    koko_dim
    last edited by Jun 5, 2012, 3:06 PM

    Hi guys, I have read almost all of the threads in the forum but still can’t get where I’m making a mistake with the setup of the VPN connection…
    I have a deadline to meet and I was wondering if anyone could help me out.

    The setup I have is a pfSense box; connected to the LAN port is an Ubuntu server. The WAN port is connected straight to the internet.

    I have tried the RoadWarrior example and I get a connection through the VPN and can access the pfSense webConfigurator.
    But when I try to SSH the server on the LAN I get a message that tells me that the host is unreachable.

    My LAN IP is the default 192.168.1.1
    I have given the server a static IP which is 192.168.1.2
    My WAN IP is static and I entered 2 DNS servers provided from my internet provider.

    My VPN configuration is as follows:
    WAN, UDP, 1194, TLS checked, TLS key checked,
    Tunnel Network:  192.168.200.0/24
    Local Network: 192.168.1.0/24
    Concurrent Connections: 2
    LZO checked
    And takes on default settings after that point!

    Please tell me what I have to do from this point on, so that I can SSH the server from a VPN client on another network.

    thanks in advance!

    • H
      heper
      last edited by Jun 5, 2012, 6:01 PM

      from remote:
      are you able to ping 192.168.200.1 ?
      are you sure the firewall rules on the pfsense don't block ?
      are you able to ping 192.168.1.1 but not 192.168.1.2 ?

      on ubuntu:
      did you set the gateway to 192.168.0.1 when setting the static ip of 192.168.0.2 ? Without the pfsense set as default gateway on the ubuntu, routing will fail.
      to check login as root and type 'route' … it should output all configured routes. the "default" one should point to the pfsense

      kind regards

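Added example, not part of the thread and not posted by either participant: the gateway check suggested above, done as a longest-prefix lookup over `route -n` output to see where the LAN server would send its replies to a VPN client. The routing table below is constructed sample data, 192.168.200.6 is an assumed client address inside the tunnel network from the first post, and the function names are hypothetical; route metrics are ignored.

```python
import ipaddress

# Constructed sample of `route -n` output on the LAN server (not copied from the thread).
# Numeric output (-n) is required: names such as "default" or "*" are skipped by the parser.
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route -n` output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # banner, header or malformed line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # non-numeric entry
        routes.append((net, gw, f[7]))
    return routes

def check_reply_route(route_text, vpn_client_ip, firewall_lan_ip):
    """Return (ok, reason): do replies to the VPN client go back via the firewall?"""
    addr = ipaddress.ip_address(vpn_client_ip)
    matches = [r for r in parse_routes(route_text) if addr in r[0]]
    if not matches:
        return False, "no matching route: replies to the tunnel network are dropped"
    # The kernel picks the most specific (longest prefix) matching route.
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    if gw == ipaddress.ip_address(firewall_lan_ip):
        return True, f"replies leave via {gw} on {iface} (route {net})"
    if gw.is_unspecified:
        return False, f"{net} is on-link on {iface}; replies never reach the firewall"
    return False, f"replies leave via {gw}, not {firewall_lan_ip}"

if __name__ == "__main__":
    print(check_reply_route(SAMPLE_ROUTE_N, "192.168.200.6", "192.168.1.1"))
```

A False result means the server's answers to the tunnel network take another path, which looks like "host unreachable" or a timeout from the VPN client even when the firewall rules allow the traffic.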
      • K
        koko_dim
        last edited by Jun 6, 2012, 7:54 AM

        thank you for the reply!

        from remote:

        i am able to ping 192.168.200.1 but not 192.168.200.2. when i ssh 192.168.200.1 i get my pfsense. when i try to ssh 192.168.200.2 i get host is unreachable.

        i have the default firewall rules created by the OpenVPN wizard. The outbound NAT rules are set to auto. Do i need to modify the Firewall or NAT in some way?

        on ubuntu:

        the default gateway is pfsense. the output of 'route' is:

        Kernel IP routing table
        Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
        default         pfSense.localdo 0.0.0.0         UG    100    0        0 eth0
        link-local      *               255.255.0.0     U     1000   0        0 eth0
        172.16.22.0     *               255.255.255.0   U     0      0        0 vmnet8
        172.16.135.0    *               255.255.255.0   U     0      0        0 vmnet1
        192.168.1.0     *               255.255.255.0   U     0      0        0 eth0

        do i need to make any adjustments to the routing table?

        thanks again!!

        • H
          heper
          last edited by Jun 6, 2012, 5:47 PM

          as far as i know you don't need to change any NAT rules …. perhaps you should check your firewall rules.

          could you post some screenshots of openvpn/firewall/nat/routing table ?

          also find out what's in the routing table of the roadwarrior
