Netgate Discussion Forum

[SOLVED] OpenVPN connects but no local LAN access

14 Posts 4 Posters 29.4k Views
  • S
    source
    last edited by Jan 8, 2013, 6:55 PM Jan 6, 2013, 11:41 PM

    Thank you, pfSense team, for an awesome project. I like pfSense so far. My issue is that I can create an OpenVPN connection, which authenticates to an LDAP server backend, but it does not route to the local network.

    My local net is a 16-bit network, for example 172.16.0.0/16.

    I've had the network that OpenVPN connects to at 10.10.200.0/24, 172.16.0.0/16, 10.10.0.0/16, but I just can see my local servers remotely. It's kinda pointless and I am not sure what needs to be done to fix this.

    Does anybody have any ideas how to go about resolving this?

    a. Authentication works fine, prompts for password, authenticates no issues.

    No local area connection access.

    I've looked at the firewall rules and see OpenVPN connection/interface allow from to . no restrictions

    • S
      source
      last edited by Jan 7, 2013, 4:57 AM

      OK, I was hoping someone would give me a tip. I have another clue.

      While on the VPN, I can ping the "inside" interface. But beyond that, I can't see anything else. I think this may be a firewall issue but I am not sure.

      • H
        heper
        last edited by Jan 7, 2013, 11:38 AM

        It's possibly a routing issue …

        Draw us a schematic of your setup with the corresponding subnets and show us screenshots of the OpenVPN server configuration.

        Also, if using the OpenVPN client on a Windows 7/Vista machine, be sure to click "Run as administrator". Otherwise routes will not get added by the client.

        • S
          source
          last edited by Jan 7, 2013, 3:24 PM

          I'm running Mac OS X Mountain Lion; I'll draw up the info shortly.

          Thank you,

          • S
            source
            last edited by Jan 7, 2013, 5:20 PM Jan 7, 2013, 5:18 PM

            Network layout, OpenVPN screenshots, and firewall rules.

            Hope this helps, thank you.

            ![demo openvpn layout.png](/public/imported_attachments/1/demo openvpn layout.png)
            ![Screen Shot 2013-01-07 at 11.15.14 AM.png](/public/imported_attachments/1/Screen Shot 2013-01-07 at 11.15.14 AM.png)
            ![Screen Shot 2013-01-07 at 11.14.41 AM.png](/public/imported_attachments/1/Screen Shot 2013-01-07 at 11.14.41 AM.png)
            ![Screen Shot 2013-01-07 at 11.14.27 AM.png](/public/imported_attachments/1/Screen Shot 2013-01-07 at 11.14.27 AM.png)
            ![Screen Shot 2013-01-07 at 11.24.53 AM.png](/public/imported_attachments/1/Screen Shot 2013-01-07 at 11.24.53 AM.png)

            • T
              tattoomees
              last edited by Jan 7, 2013, 5:24 PM

              On Advanced, add route 172.16.0.0 and your mask etc. 255.255.0.0

              • S
                source
                last edited by Jan 7, 2013, 5:28 PM

                I've done that but it doesn't help. I will try it again. Also, I thought that me specifying it in the network portion would do that.

                • S
                  source
                  last edited by Jan 7, 2013, 5:57 PM Jan 7, 2013, 5:55 PM

                  I added push "route 172.16.0.0 255.255.0.0"; per the example, and still no go. It connects great though… I'm digging the LDAP backend authentication.

                  Below you'll see the network is there, but strangely it says 172.16 and not 172.16.0.0; not sure if that matters. The Viscosity VPN client for Mac is showing a successful connection. Like I said, I authenticate fine, connect fine, and can get as far as the pfSense LAN interface, but beyond that, no.

                  ![Screen Shot 2013-01-07 at 11.57.15 AM.png](/public/imported_attachments/1/Screen Shot 2013-01-07 at 11.57.15 AM.png)

                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Jan 8, 2013, 4:02 PM

                    Is the pfSense firewall to which you connect the default gateway for the lan you're trying to reach?

                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    • S
                      source
                      last edited by Jan 8, 2013, 6:55 PM

                      Dang, that's the problem. Since I've set this up as a demo to test out pfSense, I have not yet configured it as a gateway. I set up the pfSense as my gw on a local machine and it works; it responds.

                      Thanks for helping me solve this. I think next would be to set up a route to the 10.0.8.0/24 network on the router. That should resolve the ping back issue.

                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by Jan 8, 2013, 7:04 PM

                        Yep, either put the route in the actual gateway, or you can do some outbound NAT on the LAN to make the VPN client traffic appear to originate from the firewall so it would look "local" and thus not require any special routing. Only downside is that you lose the original client IP in the process, as seen by the target machine. (And it would probably break SMB access.)

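The return-path problem diagnosed in the posts above, modelled as an added example (not code from the thread or from pfSense): a longest-prefix-match lookup shows where a LAN server's reply to a VPN client goes in the setup as posted, with a static route on the gateway, and with outbound NAT. Only the 172.16.0.0/16 and 10.0.8.0/24 subnets come from the thread; the host, router, upstream and pfSense LAN addresses are constructed.

```python
import ipaddress

# Subnets from the thread; every individual address below is constructed.
LAN = ipaddress.ip_network("172.16.0.0/16")
TUNNEL = ipaddress.ip_network("10.0.8.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER = ipaddress.ip_address("172.16.0.1")       # existing default gateway
PFSENSE_LAN = ipaddress.ip_address("172.16.0.2")  # pfSense LAN interface
UPSTREAM = ipaddress.ip_address("203.0.113.1")    # router's own next hop
VPN_CLIENT = ipaddress.ip_address("10.0.8.6")


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway); gateway None means on-link."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw


def reply_path(host_routes, router_routes, seen_src):
    """Follow a LAN server's reply towards the source address it saw."""
    hop = next_hop(host_routes, seen_src)
    path = [hop]
    if hop == ROUTER:  # the default gateway makes its own forwarding decision
        path.append(next_hop(router_routes, seen_src))
    return path, PFSENSE_LAN in path  # True: the reply gets back into the tunnel


def scenarios():
    host = [(LAN, None), (DEFAULT, ROUTER)]
    router = [(LAN, None), (DEFAULT, UPSTREAM)]
    router_fixed = router + [(TUNNEL, PFSENSE_LAN)]
    return {
        # Reply to 10.0.8.6 follows the default route and never reaches pfSense.
        "as posted": reply_path(host, router, VPN_CLIENT),
        # Static route for the tunnel subnet on the real gateway.
        "route on gateway": reply_path(host, router_fixed, VPN_CLIENT),
        # Outbound NAT: the server sees pfSense's LAN IP, which is on-link,
        # so its logs no longer show the original client address.
        "outbound NAT": reply_path(host, router, PFSENSE_LAN),
    }


if __name__ == "__main__":
    for name, (path, ok) in scenarios().items():
        print(f"{name:17} {' -> '.join(map(str, path)):28} reaches pfSense: {ok}")
```
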
                        • S
                          source
                          last edited by Jan 8, 2013, 7:07 PM

                          Is there a way to configure pfSense to act as just a VPN appliance, where I don't have to add routing to another device or change the gateway on the local machines?

                          • J
                            jimp Rebel Alliance Developer Netgate
                            last edited by Jan 8, 2013, 7:09 PM

                            Only by adding the NAT I mentioned. Otherwise you need routes somewhere.

                            (Or an ugly tap bridge VPN that drops clients into the LAN subnet with LAN IPs…)

                            • S
                              source
                              last edited by Jan 8, 2013, 7:20 PM

                              Thanks again, you are my hero!

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.