OpenVPN clients cannot access a few LAN PCs



  • I have a LAN of 192.168.0.0/24, a Win2003 DC at 192.168.0.105 as the local DNS server, and pfSense at 192.168.0.200 with a single WAN. I configured pfSense as an OpenVPN server using the wizard, and the OpenVPN clients connect fine. I have set 192.168.0.200 as the default gateway and DNS server for a set of PCs ("Hosts_Internet") that connect to the internet. All other PCs have their gateway/DNS set to 192.168.0.105.

    From the VPN client I can ping/RDP/access shares of the "Hosts_Internet" PCs only. I cannot connect to the other PCs. Is this a DNS issue?
    Please help me fix this.

    Thanks



  • The other PCs on the LAN do not have a route back to the VPN client; they need to have their default gateway also be the pfSense LAN IP, and then their responses will come back to the VPN client(s).
    If you do not want those PCs to have real internet access, then change the firewall rules on LAN so that only the allowed PCs have pass rules.



  • Thanks, Phil, for your reply. The default gateway set on most of the (Windows) systems points to the Win2003 AD/DNS server; only a few Linux servers and the Exchange server have the pfSense IP as their default gateway. I can manage connecting to "hosts_internet" via the VPN client, but I need to access the other systems to run a legacy application.
    Any ideas from anyone who has a similar setup?



  • It's a strange setup you have there.

    Normally ALL devices in the network should have pfSense as their gateway.
    Is there a good reason not to do this? I currently don't know why you have your AD as the gateway. Is your AD doing NAT?

    Anyway, there are solutions to your current problem, but fixing the gateway on the clients is the best option, hands down.

    If for whatever reason you can't/won't change the gateway to pfSense on your LAN devices, let me know and I'll try to explain how you can try to circumvent your network issues (clue: NAT your LAN subnet over the VPN).
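Phil's point about the missing return route and the NAT workaround hinted at in the last reply can both be checked with a small forwarding model. The following is an added example written for this page, not code from the thread, from Phil, or from pfSense. Only the LAN 192.168.0.0/24, the DC 192.168.0.105 and the pfSense LAN address 192.168.0.200 come from the thread; the tunnel network 10.0.8.0/24, the addresses 10.0.8.1 and 10.0.8.2, the legacy PC 192.168.0.50, and the assumption that the Windows DC does not forward IP packets are illustrative assumptions. It traces one packet from a VPN client to a PC whose gateway is the DC, then the PC's reply, under each remedy discussed: no change, default gateway moved to pfSense, a per-host static route for the tunnel network, and outbound NAT on pfSense.

```python
import ipaddress

# From the thread: LAN 192.168.0.0/24, Win2003 DC 192.168.0.105 (gateway for
# most PCs), pfSense LAN address 192.168.0.200.
LAN = ipaddress.ip_network("192.168.0.0/24")
DC = ipaddress.ip_address("192.168.0.105")
PFSENSE_LAN = ipaddress.ip_address("192.168.0.200")
# Assumed for illustration only (the thread does not state these):
TUN = ipaddress.ip_network("10.0.8.0/24")        # OpenVPN tunnel network
PFSENSE_TUN = ipaddress.ip_address("10.0.8.1")    # pfSense tunnel-side address
VPN_CLIENT = ipaddress.ip_address("10.0.8.2")     # one connected OpenVPN client
LEGACY_PC = ipaddress.ip_address("192.168.0.50")  # a PC whose gateway is the DC


class Node:
    """A host or router with a static routing table (longest-prefix match)."""

    def __init__(self, name, addresses, routes, forwards=False, snat=None):
        self.name = name
        self.addresses = {ipaddress.ip_address(a) for a in addresses}
        # (network, next_hop); next_hop None means the network is on-link.
        self.routes = [(ipaddress.ip_network(n),
                        None if h is None else ipaddress.ip_address(h))
                       for n, h in routes]
        self.forwards = forwards  # plain hosts drop packets not addressed to them
        self.snat = snat          # (src_network, new_src): outbound NAT when forwarding
        self.nat_table = {}       # (translated_src, dst) -> original src

    def lookup(self, dst):
        best = None
        for net, hop in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best


def trace(nodes, sender, src, dst, max_hops=8):
    """Forward one packet hop by hop.

    Returns (delivered, [nodes visited], source address as the receiver saw it).
    """
    by_addr = {a: n for n in nodes for a in n.addresses}
    node = next(n for n in nodes if n.name == sender)
    path = [node.name]
    for _ in range(max_hops):
        if dst in node.addresses:
            orig = node.nat_table.get((dst, src))
            if orig is None:
                return True, path, src      # delivered to the final host
            dst = orig                      # reply to a NATed flow: undo the translation
        elif node.name != sender and not node.forwards:
            return False, path, src         # a non-router host drops transit traffic
        route = node.lookup(dst)
        if route is None:
            return False, path, src         # no route at all
        if node.snat and src in node.snat[0] and dst not in node.snat[0]:
            node.nat_table[(node.snat[1], dst)] = src
            src = node.snat[1]              # LAN side now sees pfSense's own LAN address
        next_hop = dst if route[1] is None else route[1]
        node = by_addr.get(next_hop)
        if node is None:
            return False, path, src         # next hop is not on the link
        path.append(node.name)
    return False, path, src


def build(fix):
    """Topology for one remedy: 'none', 'gateway', 'static_route' or 'nat'."""
    pc_routes = [(LAN, None), ("0.0.0.0/0", PFSENSE_LAN if fix == "gateway" else DC)]
    if fix == "static_route":   # keep the DC as gateway, add a route for the tunnel only
        pc_routes.append((TUN, PFSENSE_LAN))
    pfsense = Node("pfsense", [PFSENSE_LAN, PFSENSE_TUN], [(LAN, None), (TUN, None)],
                   forwards=True, snat=(TUN, PFSENSE_LAN) if fix == "nat" else None)
    return [
        Node("vpn-client", [VPN_CLIENT], [(TUN, None), (LAN, PFSENSE_TUN)]),
        pfsense,
        Node("dc", [DC], [(LAN, None)]),   # assumed: the DC does not route (forwards=False)
        Node("legacy-pc", [LEGACY_PC], pc_routes),
    ]


def round_trip(fix):
    """Send VPN client -> legacy PC, then the PC's reply.

    Returns (request delivered, source the PC saw, reply delivered, reply path).
    """
    nodes = build(fix)
    there, _, seen = trace(nodes, "vpn-client", VPN_CLIENT, LEGACY_PC)
    back, path, _ = trace(nodes, "legacy-pc", LEGACY_PC, seen)
    return there, str(seen), back, path


if __name__ == "__main__":
    for fix in ("none", "gateway", "static_route", "nat"):
        print(fix, round_trip(fix))
```

With no change, the request reaches the PC (pfSense is on the LAN, so that direction is trivial) but the reply goes to the DC and stops there, which is the one-way behaviour the original poster describes. The "static_route" case is a per-host variant of Phil's fix for machines whose default gateway has to stay on the DC: a route for the tunnel network via 192.168.0.200. In the "nat" case the PC replies to pfSense's own LAN address, so nothing changes on the PCs; this is the workaround the last reply alludes to, configured on pfSense as an outbound NAT rule on the LAN interface with the tunnel network as source. Its cost is visible in the model's second return value: every VPN client appears to the LAN hosts as 192.168.0.200, so per-client logging and access control on those hosts is lost.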

