Netgate Discussion Forum

    Internal LAN access stops when gateway removed

    • KOM

      I set up an instance of pfsense to act as an OpenVPN server.  It's been working fine for the past 2 months.  When I first installed it, I set a gateway that points to our MS ISA server.  Now we're looking to punt MS ISA and just use the pfsense box as the gateway.  When I go to LAN config and remove the gateway value, OpenVPN users can no longer access any of the internal network.  What did I do wrong?  Do I have to define the gateway for the pfsense box as being itself?  Is the OpenVPN config dependent on the gateway, so I have to reconfig OpenVPN if it is changed?

      • phil.davis

        What exactly is the network topology? Is your real LAN behind the MS ISA server?
        You should just be able to have your real LAN devices on a switch connected to the pfSense LAN port, then put the LAN subnet in the OpenVPN server "IPv4 Local Network/s" field. Make sure there is a rule on the OpenVPN tab to allow traffic with destination LANnet.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • johnpoz LAYER 8 Global Moderator

          Yeah, how do you have pfsense connected in your network? With pfsense you do NOT put gateways on LAN connections. To pfsense, if it has a gateway it is a WAN interface and would automatically do NAT to it, etc.

          If you want to move pfsense to act as the gateway of your network, then it would have a WAN connection tied to your internet/WAN and then a LAN connection that is your local network.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • KOM

            Thanks for the reply, gents.

            Our network is pretty simple and flat.  Yes, our real LAN is behind the ISA server.  I'm using VMware vSphere to run both the ISA server and the pfSense box.  The VMware hosts all have a direct connection to our public router, and the pfSense box has a dedicated public IP address for WAN – it doesn't go through the ISA server.  I wanted our VPN users to be able to connect to the network, but I also wanted them to be subject to the rules of our MS ISA server (which is our current gateway) if they use the virtual machines on our network to go out.  I can't have VPN users using our network to surf kiddie porn externally, for instance.  When installing pfSense, I gave the LAN connection our ISA server as a gateway out of habit (I was and am still very new to pfSense) but it all seemed to work anyway, and like I said before, everything has been working great until I removed the LAN gateway.  My firewall rules - OpenVPN tab has a list of rules that direct specific IP addresses (users) to specific virtual machines, and this has worked well to control access to servers on our network by the VPN users.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.