Cannot access LAN through OpenVPN



  • Hi,

    Although I assumed it would be a typical problem I could not find the solution so hence the question…

    I configured OpenVPN and am able to log in from outside the network. After connecting I can browse the internet but I cannot access any LAN computers other than the pfSense machine. So I assumed it would be a routing problem. After searching for a solution I added some commands (under Advanced Configuration):

    push "route 192.168.2.0 255.255.255.0";
    push "redirect-gateway";
    push "dhcp-option DNS 10.0.8.1";

    The pfSense gateway is on the 192.168.2.0 network while the VPN clients are on 10.0.8.0.
    But even with these commands the road warrior cannot connect to other LAN computers.

    Any help is appreciated!



  • Pushing routes should not be needed if you fill in the "IPv4 Local Network/s" field. (It does this automagically.)

    What exactly do you mean by not being able to connect? Can you ping them?
    Do the LAN computers have their gateways set to pfSense?



  • Hi,

    From remote I can log in and connect to the network.
    Once connected I can surf the Internet and access the gateway but none of the other LAN machines. For example, one LAN machine is a NAS with a web interface. I cannot access the web interface nor ping the NAS.



  • The NAS will need a default gateway defined that points to the pfSense LAN address, so it knows how to route back to things outside its own subnet, like your OpenVPN tunnel subnet. Does it have that defined?
    And I suppose you already have wide pass rule/s on the OpenVPN Firewall Rules tab, since you can browse the internet through the OpenVPN?



  • The pfSense machine is the gateway for any device in the LAN.
    So the NAS knows the IP address of the pfSense machine.

    The rule "Default allow LAN to any rule" should be enough I assume?
    Let me know if you need an overview of specific settings.



  • Did you get this working?
    With what you describe, this sort of road warrior config "just works". "Default allow LAN to any rule" is fine.
    If you have any policy-routing rules on LAN that push traffic into a particular gateway then that can interfere with the ordinary routing back to the OpenVPN client.
    Do packet captures on OpenVPN and LAN to see where packets actually get to.
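
The capture comparison suggested in the last reply can be read mechanically. The following is an added example, not part of the original thread: it takes the text output of `tcpdump -n icmp` from the OpenVPN and LAN interfaces during a ping and reports the first hop where the packet stops. The client address 10.0.8.6, the NAS address 192.168.2.50 and the capture lines are constructed samples inside the subnets named in the thread.

```python
import re

# Field layout of a `tcpdump -n icmp` output line.
ICMP_LINE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")

# Likely cause for each point where the ping can stop (drawn from the thread's suggestions).
HINTS = {
    "request_not_on_ovpn": "client is not sending LAN traffic into the tunnel (client route)",
    "request_not_on_lan": "firewall did not forward it (rules on the OpenVPN tab)",
    "no_reply_on_lan": "host did not answer via this firewall (host default gateway or host firewall)",
    "reply_not_routed_back": "reply was steered away from the tunnel (policy-routing rule on LAN)",
    "ok_at_firewall": "both directions cross the firewall; look at the client side",
}

def seen(capture, src, dst, kind):
    """True if the capture text holds an ICMP echo of `kind` going from src to dst."""
    matches = map(ICMP_LINE.search, capture.splitlines())
    return any(m.groups() == (src, dst, kind) for m in matches if m)

def locate_fault(ovpn_capture, lan_capture, client, host):
    """Follow the ping through the firewall and name the first hop it fails to reach."""
    if not seen(ovpn_capture, client, host, "request"):
        return "request_not_on_ovpn"
    if not seen(lan_capture, client, host, "request"):
        return "request_not_on_lan"
    if not seen(lan_capture, host, client, "reply"):
        return "no_reply_on_lan"
    if not seen(ovpn_capture, host, client, "reply"):
        return "reply_not_routed_back"
    return "ok_at_firewall"

# Constructed sample: the request crosses the firewall, but the NAS never replies through it.
CLIENT, NAS = "10.0.8.6", "192.168.2.50"
OVPN_CAPTURE = """\
12:00:01.000100 IP 10.0.8.6 > 192.168.2.50: ICMP echo request, id 1, seq 1, length 64
12:00:02.000200 IP 10.0.8.6 > 192.168.2.50: ICMP echo request, id 1, seq 2, length 64
"""
LAN_CAPTURE = """\
12:00:01.000300 IP 10.0.8.6 > 192.168.2.50: ICMP echo request, id 1, seq 1, length 64
12:00:02.000400 IP 10.0.8.6 > 192.168.2.50: ICMP echo request, id 1, seq 2, length 64
"""

if __name__ == "__main__":
    stage = locate_fault(OVPN_CAPTURE, LAN_CAPTURE, CLIENT, NAS)
    print(stage, "->", HINTS[stage])
```
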