Unable to Connect to LAN with OpenVPN



  • Hello,

    I would like to set up OpenVPN so that, when I am on the road using an OpenVPN client, I am able to connect to the private LAN and have access to all resources within the LAN. I want all the connections to go through the LAN when the client connects through the OpenVPN setup.

    I have tried different configurations and I was not able to achieve that.

    With my last configuration I was able to establish a connection to the OpenVPN server, but all network connections were not going through my LAN.

    Does anyone have or know of any simple step-by-step instructions that I can follow to accomplish that?

    I appreciate all the help!

    Thanks



  • Just curious: on the server config for OpenVPN, did you enable the checkbox
    Redirect Gateway
    Force all client generated traffic through the tunnel?

    This should keep it from split tunneling and using the local/VPN network.



  • As the poster before said:
    If you checked "Force all client generated traffic through the tunnel." then all the traffic from the client will be routed through the VPN.

    On pfSense you have to set up firewall rules to allow the traffic from the OpenVPN network to your LAN.

    If you disable "Force all client generated traffic through the tunnel." then you have to tell the client which routes/subnets should be routed through the VPN. This can be done with the push "route x.x.x.x y.y.y.y" command.



  • I have tried with "Force all client generated traffic through the tunnel." checked, and when I do that I have no internet access at all. The internet connection seems to be on, but I have no access to the web or LAN.

    I have not even been able to ping my pfSense.

    What is the difference between "Force all client generated traffic through the tunnel." and the "Local Network" setting in the VPN server tunnel settings?

    Also, my VPN server is on a different subnet than my pfSense and LAN.
    Here is the setup:

    VPNClient    <-----(WEB)----->    pfSense                     <------------->    LAN
    (10.0.8.6)                        (IP: 172.16.1.1)                               (172.16.1.1 - 172.16.1.254)
                                      (VPN Tunnel 10.0.8.0/24)

    The attachments show all the Firewall rules that I have.

    Any ideas what I have to do with the above in order to:
    1. Make sure that all the connections go through the VPN.
    2. Make sure that the VPN client has access to everything inside the LAN.

    Thanks,






  • Also, as per the two comments, in my latest setup I have "Force all client generated traffic through the tunnel." checked.



  • The local network is the network you want the VPN clients to have access to. If you do not enable that, the connected users will not be able to access the network.

    Are you pushing DNS as well?



  • When I check "Force all client generated traffic through the tunnel." I no longer have the option to specify Local Network.

    I am not sure what you mean by "pushing DNS", but I do not have any "push" commands in the Advanced Configuration of the OpenVPN server.



  • @kilthro:

    The local network is the network you want the VPN clients to have access to. If you do not enable that, the connected users will not be able to access the network.

    Are you pushing DNS as well?

    Local network will not be available if you redirect all traffic through OpenVPN. Local network is only available if you want the client to route all traffic from network "172.16.1.0/24" through the VPN and all other traffic through the internet connection on the VPN client site.

    @manolios
    On pfSense, where the OpenVPN server is running, you have to go to Firewall and then to the "OpenVPN" tab. There you have to allow the traffic from the OpenVPN network (10.0.8.0) to any.
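
Added example, not part of any post in this thread: a small Python model of the VPN client's routing table, showing how a pushed route for the LAN (split tunnel) differs from redirecting the gateway (full tunnel). The subnets 172.16.1.0/24 and 10.0.8.0/24 come from the thread; the client's own gateway, the tunnel peer 10.0.8.5, the server address 203.0.113.10 and the destination addresses are constructed, and it is an assumption that the "Force all client generated traffic through the tunnel" checkbox results in `redirect-gateway def1` being pushed.

```python
import ipaddress

# Constructed values (assumptions, not from the thread).
LOCAL_GW = "192.168.1.1 (client's own internet gateway)"
VPN_GW = "10.0.8.5 (tunnel peer)"
SERVER_IP = "203.0.113.10"  # public address of the OpenVPN server

def pushed_routes(directive):
    """Translate one pushed directive into the routes the client installs."""
    parts = directive.split()
    if parts[0] == "route":  # route <network> <netmask>
        return [(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"), VPN_GW)]
    if parts[:2] == ["redirect-gateway", "def1"]:
        # def1 leaves the existing default route in place and adds two /1
        # routes that cover all of IPv4 and win by being more specific.
        # A host route keeps the encrypted packets to the server itself
        # on the client's own gateway.
        return [(ipaddress.ip_network("0.0.0.0/1"), VPN_GW),
                (ipaddress.ip_network("128.0.0.0/1"), VPN_GW),
                (ipaddress.ip_network(f"{SERVER_IP}/32"), LOCAL_GW)]
    raise ValueError(f"unsupported directive: {directive}")

def client_table(directives):
    """Routing table of a connected client: default route, tunnel subnet, pushes."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), LOCAL_GW),
             (ipaddress.ip_network("10.0.8.0/24"), VPN_GW)]
    for directive in directives:
        table += pushed_routes(directive)
    return table

def next_hop(table, dest):
    """Longest-prefix match, as the client's IP stack does it."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    scenarios = {
        "split tunnel": ["route 172.16.1.0 255.255.255.0"],
        "full tunnel": ["redirect-gateway def1"],
    }
    for name, directives in scenarios.items():
        table = client_table(directives)
        print(name)
        for dest in ("172.16.1.20", "198.51.100.7", SERVER_IP):
            print(f"  {dest:15} -> {next_hop(table, dest)}")
```

In the full-tunnel case every destination except the server's own address resolves to the tunnel, so nothing is reachable unless the firewall rule on the OpenVPN tab permits traffic from 10.0.8.0/24.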

