Can't connect to local network
I want to connect from my home or my iPhone to my office wan subnet with openvpn.
Now I can connect to the openvpn server but I cannot access to wan subnet.
I attach my net diagram :-[ and some pfsense screenshots… Where is the mistake?? ???
Thank You all
[Schermata 2013-09-25 alle 12.09.47.png](/public/imported_attachments/1/Schermata 2013-09-25 alle 12.09.47.png)
I can't see some of the things you put on for the MAC - However…
I see some big problems.
in Firewall > Rules
Remove the rule for 192.168.2.0/24 on the WAN - Thats bad and un-needed.
Remove the rule that looks like all * * * * * * * at the bottom on the WAN
That is a pass any from any to all rule and shouldn't be on the WAN.
Thats TERRIBLE and un-needed. That rule turns your firewall into a Welcome-all-wall.
remove the last rule on your firewall > rules Openvpn tab. The first rule is all that is needed.
in your mac client config, near the bottom of the commands add route 192.168.1.0 255.255.255.0
Lastly - NONE of this is going to work well if the subnet you are on when you are away from home is also 192.168.1.0/24 or 192.168.2.0/24. Thats why when you set up a pfsense with the intent of using it for VPN you should pick seldom used IP for the LAN like 10.50.36.1 / 24
Hope that helps.
Yes, I added that bad rule because I was desperate and thinked there were something bad…
Yes, home net and office subnet are the same -.-'' Il'' change office network :)
I dont' understand what I have to do " in your mac client config, near the bottom of the commands add route 192.168.1.0 255.255.255.0".. ???
You mean Into System/Routing/Routeses ???
Thank you very much :D
In the client configurat that is located on your MAC (its just a file that probably ends with .ovpn) there is a bunch of commands.
route 192.168.1.0 255.255.255.0
incase for some reason its not getting pushed from pfsense.
But you really really need to change your LAN IP ASAP to something off… like 192.168.39.1/24 and your Openvpn IPs also to something off like 10.x.x.0/24 (the Xs would be a random number between 10 and 200)
Right now its way to probable that you will have IP conflicts because 192.168.1.x is way too common.