Netgate Discussion Forum
    Static route issue

    Routing and Multi WAN
    • isteelsoftware

      Ok, here's a situation that's bugging me. Behind my pfSense box I have an OpenVPN server set up running a routed interface, and I cannot get the traffic to go through my pfSense box. The pf box has a LAN IP of 192.168.10.4, the OpenVPN server has an IP of 192.168.10.24, the server hands out IPs of 10.8.0.6+/24 and has a GW of 10.8.0.1. It operates on TCP port 443 and I have the proper forwarding set up. I can get a client to connect, and it can ping itself at 10.8.0.6 and can ping 10.8.0.1 and 192.168.10.24; however, I cannot ping the LAN interface on the router or anything past that. Below is the static route configuration of the pf box. In my firewall logs I can see the packets from 10.8.0.6 being dropped.

      <staticroutes>
        <route>
          <interface>lan</interface>
          <network>10.8.0.0/24</network>
          <gateway>192.168.10.24</gateway>
          <descr>VPN server traffic</descr>
        </route>
      </staticroutes>

      ![Network config.jpg](/public/imported_attachments/1/Network config.jpg)
    • GruensFroeschli

      Do you have a rule on your LAN interface that allows traffic from your VPN subnet?
      If you see the traffic dropped, I assume you didn't change the default allow rule on LAN, which only allows traffic from your LAN subnet.

      Or do you want your OpenVPN server to NAT the OpenVPN subnet?
      If you're running pfSense on the machine running the OpenVPN server, you need to add an advanced outbound NAT rule.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

    • isteelsoftware

      Here is my LAN rule list, so no, I do not have a route set up there; however, I do have a static route that should pass all traffic it sees on the 10.8.0.0/24 range to 192.168.10.24, as that is the server that I want all traffic to come from… I did however try that and it wouldn't work. My pf box is not the VPN server; the VPN server is behind the router, and it's running a routed interface, not a bridged interface. The only thing I haven't tried yet is to change the rule from 10.8.0.0/34 to 10.8.0.6 /24?

      <filter>
        <rule>
          <type>pass</type>
          <descr>Default LAN -> any</descr>
          <interface>lan</interface>
          <source>
            <network>lan</network>
          </source>
          <destination>
            <any></any>
          </destination>
        </rule>
      </filter>

    • GruensFroeschli

      As I've written before: if you have only one rule with your LAN subnet as source, the traffic has to be dropped since it doesn't match the allow rule.
      I'm talking here about FIREWALL rules. Not routes.

      (There is an invisible "block all" rule at the very bottom of the rule list.)

      Create a rule that allows traffic from your VPN subnet.

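As an added illustration (not pfSense code, and not anything posted by either participant), the following Python model walks through the first-match evaluation GruensFroeschli describes using the subnets from this thread: the "Default LAN -> any" rule only passes sources inside 192.168.10.0/24, so a packet from 10.8.0.6 falls through to the implicit block, while the static route only decides where replies toward 10.8.0.0/24 are sent. The rule lists and route table below are constructed from the thread's values; the function names are my own.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's setup: LAN subnet, the OpenVPN server's
# LAN address, and the routed VPN client subnet behind it.
LAN_NET = ip_network("192.168.10.0/24")
VPN_NET = ip_network("10.8.0.0/24")
VPN_SERVER = ip_address("192.168.10.24")

# Static route from the first post: 10.8.0.0/24 reachable via 192.168.10.24.
STATIC_ROUTES = [(VPN_NET, VPN_SERVER)]

# LAN-interface firewall rules as (action, allowed source network), evaluated
# top to bottom, first match wins. Anything left over hits the invisible
# "block all" rule at the bottom.
DEFAULT_LAN_RULES = [("pass", LAN_NET)]                    # "Default LAN -> any" only
FIXED_LAN_RULES = [("pass", LAN_NET), ("pass", VPN_NET)]   # plus a rule for the VPN subnet


def filter_decision(rules, src):
    """Return 'pass' or 'block' for a packet with source address `src`."""
    src = ip_address(src)
    for action, net in rules:
        if src in net:
            return action
    return "block"  # implicit default deny, no rule matched


def next_hop(dst):
    """Longest-prefix static route lookup; None means no static route applies."""
    dst = ip_address(dst)
    matches = [(net, gw) for net, gw in STATIC_ROUTES if dst in net]
    if not matches:
        return None
    return str(max(matches, key=lambda m: m[0].prefixlen)[1])


def trace(rules, src):
    """Combine both halves: is the packet passed on LAN, and where does the
    reply to its source get routed? The route is irrelevant if it is blocked."""
    verdict = filter_decision(rules, src)
    return {
        "inbound_on_lan": verdict,
        "reply_via": next_hop(src) if verdict == "pass" else None,
    }


if __name__ == "__main__":
    print(trace(DEFAULT_LAN_RULES, "10.8.0.6"))  # blocked despite the static route
    print(trace(FIXED_LAN_RULES, "10.8.0.6"))    # passed, replies go via 192.168.10.24
```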
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.