Can connect to some devices behind remote LAN, but not all.
I've been troubleshooting an issue for a week now and I feel like I've tried everything, hence why I'm here now.
I have a road warrior Pfsense OpenVPN server set up. I'm trying to connect to the LAN behind the Pfsense server from a remote client.
I'm successfully connecting and passing through the Pfsense OpenVPN server and getting an IP address from the tunnel network on the LAN. On my test LAN, there are a couple laptops, a PLC, and an interface for the PLC. I can ping the laptops and the interface for the PLC, but not the PLC itself. I can also access the pfsense server interface just fine. I contacted the tech support for the PLC manufacturers to see if there is any built in firewall that would be blocking me, there is not. If I connect directly to the LAN, I can ping the PLC, but not if I'm remoted in. I have firewall rules in place for all the ports needed for the PLC.
I've tried to use route commands to route everything I'm connecting to in the LAN and also the server. This shouldn't be needed anyways since I'm only trying to connect to one LAN, not from this LAN to another LAN.
I know my server and client configs are correct as I can connect to everything remotely, but the PLC. The only thing that may be missing is a route command? I've tried a lot of combinations of route commands through researching this problem.
I'm not sure if this would be contributing to anything, but I used Wireshark to try to troubleshoot what is going on with the packets, I'm getting weird traffic. The traffic is ICMP from devices on the LAN and the info is redirect (redirect for network). It's redirecting the gateway address to that of the PLC?
Any suggestions would be appreciated!
phil.davis last edited by
Does the PLC have a default gateway?
It will work fine on the LAN with an IP address and netmask, it can reply directly to anything that connects to it, but to get off the LAN it will need to know a router/gateway address. Even though the incoming packets from your VPN come to the PLC across the LAN from the router, unfortunately IP is to stupid to learn this and guess at how to send replies back.
Unfortunately, I don't know much about the PLC itself, as it's not my area. It seems that it must have a default gateway as that is the only reasonable explanation here. Where would I add this gateway in my configuration to test it?
phil.davis last edited by
I mean that the PLC needs to have a default gateway set somewhere in its own internal configuration (or get it from DHCP, if it does DHCP). It might be tricky to find out how to configure the IP stack on the PLC, depending on the software/firmware implementation it might not even support the concept of "default gateway".
Alright, I got somebody to get into the interface of the PLC and it does have a default gateway and gives the PLC a static IP. So, essentially it's a router. That brings on a new problem. Could this be accomplished through some advanced route commands? I tried route x.x.x.x x.x.x.x to the PLC default gateway but that didn't work.
Nevermind, figured out how to set the PLC to DHCP and I can talk to it now. Thanks!