Can't reach all hosts on the internal network
-
I inherited a pfSense 1.2.3 box from my predecessor and am trying to learn pfSense as I go. The problem I'm struggling with now is that he had set up a bunch of OpenVPN tunnels and one of the users is only able to hit certain IPs on the inside network but needs to hit others. I went through the Firewall Rules but cannot identify anything to cause this behavior. All the tunnels have a single rule configured with source and destination of "any" but with the port matching the port defined in the tunnel.
When I look at the OpenVPN tab, I only see the different tunnels and the ability to modify those or create new ones... I don't see any way to limit clients' access to certain IPs. What am I missing?
-
All the tunnels have a single rule configured with source and destination of "any" but with the port matching the port defined in the tunnel.
These sound like rules on WAN that allow the OpenVPN client end of the tunnel to come in on WAN to connect to the server.
There should be Firewall Rules on the OpenVPN tab (In Firewall->Rules) that allow access for ordinary data travelling inside the tunnel/s. Are there any of those?
-
Thanks Phil - when I look under Firewall->Rules I don't see an OpenVPN tab but I do see a tab named OPT1PLC which, I assume, is Option 1 and PLC is actually the name of the network I'm trying to tunnel to.
In there are about a dozen allow rules and 1 deny but none of them appear to be allowing me to ping the devices that do succeed, much less denying the devices that fail. Actually, all of them have destination addresses which would not cover the address I'm pinging from.
Just to be sure though I made another rule here and included "OPT1PLC net" as my Source and put in my own subnet as my destination with both the Ports and the Gateway fields set to * but saw no difference. The new test rule is at the top so we don't interfere with any other rules.
-
I didn't look hard at your pfSense version - 1.2.3. I updated one of those a few weeks ago, but I really have no useful memory of what the menus looked like - and certainly not how VPN was done! Someone else who knows the 1.2.3 menus and VPN please feel free to advise.