Unable To Access Remote Subnets Defined In Push Route
-
I have got OpenVPN client going w/ 10.0.8.5/24 subnet and I am able to access the 10.0.0.0/24 subnet that the openvpn server is hosted on. My problem is accessing remote subnets after I have defined the route via Push to the clients. I am trying to hit 192.168.11.0/24 and 192.168.1.1/24 via openvpn but it's a no go. I have even allowed all on LAN and OpenVPN firewall to troubleshoot but no dice. The route is listed in windows when doing "route print"
output of route print: 192.168.11.0 255.255.255.0 10.0.8.5 10.0.8.6 30
Am I missing a route on the firewall end?
-
I am assuming:
a) Client end is a single client PC with some LAN and an OpenVPN link to a OpenVPN pfSense server.
b) The OpenVPN link is using 10.0.8.0/24 subnet. When you connect the 2 ends get the .5 and .6 addresses (normal behaviour).
c) At the server end, 192.168.11.0/24 (and 192.168.1.0/24) are also directly accessible on ports of the pfSense server/firewall.
d) Devices in 192.168.11.0/24 (and 192.168.1.0/24) have their default gateway/route pointing at the pfSense server/firewall.The routing should just work, since the pfSense server/firewall is at the centre of it all.
You should just need firewall rules allowing traffic from 192.168.11.0/24 (and 192.168.1.0/24) to the OpenVPN subnet addresses - should only be needed if those subnets need to initiate anything.Assuming
and (d) are not true, then there is some other private router behind the OpenVPN pfSense server that knows how to get between 10.0.0.0/24, 192.168.11.0/24 and 192.168.1.0/24. That router will now need to know that 10.0.8.0/24 is reached by going to your pfSense server LAN IP.
-
Phil,
It turns out i had a weird outbound nat rule that was screwing everything up. removed that and everything is good to go. thanks for the help :O)