Netgate Discussion Forum

    OpenVPN Clients cannot access few LAN PCs

      scorpian

      I have a LAN network of 192.168.0.0/24, a Win2003 DC at 192.168.0.105 as the local DNS server, and pfSense uses 192.168.0.200 with a single WAN. I configured pfSense as an OpenVPN server using the wizard, and OpenVPN clients are connecting fine. I have set 192.168.0.200 as the default gateway and DNS server for a set of PCs ("Hosts_Internet") which connect to the internet. All other PCs have their gateway/DNS set to 192.168.0.105.

      From the VPN client I can ping/RDP/access shares of the "Hosts_Internet" only. I cannot connect to other PCs. Is this a DNS issue?
      Please help to fix this.

      Thanks

        phil.davis

        The other PCs on LAN do not have a route back to the VPN client - they need to have their default gateway also be the pfSense LAN IP, then their responses will come back to the VPN client/s.
        If you do not want those PCs to have real internet access, then change the firewall rules on LAN so that only the allowed PCs have pass rules.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          scorpian

          Thanks Phil for your reply… The default gateway set on most of the (Windows) systems points to the Win2003 AD DNS server. Only a few Linux servers and the Exchange server have the pfSense IP as default gateway. I can manage connecting to "hosts_internet" via the VPN client, but need to access other systems to run a legacy application.
          Any ideas from anyone having a similar setup...

            heper

            It's a strange setup you have there.

            Normally ALL devices in the network should have pfSense as their gateway.
            Is there a good reason not to do this? I currently don't know why you have your AD as gateway. Is your AD doing NAT?

            Anyway, there are solutions to your current problem. But fixing the gateway on the clients is the best option, hands down.

            If, for whatever reason, you can't/won't change the gateway to pfSense on your LAN devices, let me know and I'll try to explain how you can try to circumvent your network issues. (Clue: NAT your LAN subnet over the VPN.)

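The return-path problem phil.davis describes, and one reading of heper's NAT hint, modelled as an added example that is not part of the original thread. The tunnel network 10.0.8.0/24, the client address 10.0.8.2 and the sample host IPs are assumptions (the thread does not give them), as is the premise that the DC at 192.168.0.105 does not forward packets towards the VPN.

```python
import ipaddress

# Values taken from the thread
LAN = ipaddress.ip_network("192.168.0.0/24")
PFSENSE_LAN_IP = ipaddress.ip_address("192.168.0.200")
AD_DC_IP = ipaddress.ip_address("192.168.0.105")
# Assumed values: the thread never states the tunnel network or a client address
TUNNEL = ipaddress.ip_network("10.0.8.0/24")
VPN_CLIENT = "10.0.8.2"


def reply_next_hop(default_gw, reply_dst):
    """Next hop a LAN host with only a default route picks for its reply:
    the destination itself if it is on-link, otherwise the default gateway."""
    dst = ipaddress.ip_address(reply_dst)
    return dst if dst in LAN else ipaddress.ip_address(default_gw)


def reply_reaches_vpn_client(host_gw, client_ip=VPN_CLIENT, nat_to_pfsense=False):
    """True if the host's reply is handed to pfSense, the only box that
    owns the route into the tunnel (assumes the DC does not forward)."""
    # With source NAT on pfSense's LAN side, the host sees pfSense's LAN IP
    # as the peer instead of the client's tunnel address.
    seen_src = PFSENSE_LAN_IP if nat_to_pfsense else ipaddress.ip_address(client_ip)
    return reply_next_hop(host_gw, seen_src) == PFSENSE_LAN_IP


def diagnose(hosts, nat_to_pfsense=False):
    """Map each host IP to 'reachable' or 'reply lost at <gateway>'."""
    result = {}
    for ip, gw in hosts.items():
        ok = reply_reaches_vpn_client(gw, nat_to_pfsense=nat_to_pfsense)
        result[ip] = "reachable" if ok else f"reply lost at {gw}"
    return result


# Constructed sample hosts: one "Hosts_Internet" PC, one legacy PC using the DC as gateway
SAMPLE_HOSTS = {
    "192.168.0.10": str(PFSENSE_LAN_IP),
    "192.168.0.50": str(AD_DC_IP),
}

if __name__ == "__main__":
    print("no NAT:  ", diagnose(SAMPLE_HOSTS))
    print("with NAT:", diagnose(SAMPLE_HOSTS, nat_to_pfsense=True))
```

Requests from the VPN client reach every LAN host either way; only the reply path differs, which is why the symptom looks host-specific rather than like a DNS failure.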