Netgate Discussion Forum
    Cannot access LAN through OpenVPN

      border

      Hi,

      Although I assumed it would be a typical problem I could not find the solution so hence the question…

      I configured OpenVPN and am able to log in from outside the network. After connecting I can browse the internet but I cannot access any LAN computers other than the pfSense machine. So I assumed it would be a routing problem. After searching for a solution I added some commands (under Advanced Configuration):

      push "route 192.168.2.0 255.255.255.0";
      push "redirect-gateway";
      push "dhcp-option DNS 10.0.8.1";

      The pfSense gateway is on the 192.168.2.0 network while the VPN clients are on 10.0.8.0
      But even with these commands the road warrior cannot connect to other LAN computers.

      Any help is appreciated!

        heper

        Pushing routes should not be needed if you fill in the "IPv4 Local Network/s" field (it does this automagically).

        What exactly do you mean by not being able to connect? Can you ping them?
        Do the LAN computers have their gateways set to pfSense?

          border

          Hi,

          From remote I can log in and connect to the network.
          Once connected I can surf the Internet and access the gateway but none of the other LAN machines. For example, one LAN machine is a NAS with a web interface. I cannot access the web interface nor ping the NAS.

            phil.davis

            The NAS will need a default gateway defined that points to the pfSense LAN address, so it knows how to route back to things outside its own subnet, like your OpenVPN tunnel subnet. Does it have that defined?
            And I suppose you already have wide pass rule/s on the OpenVPN Firewall Rules tab, since you can browse the internet through the OpenVPN?

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              border

              The pfSense machine is the gateway for any device in the LAN.
              So the NAS knows the IP address of the pfSense machine.

              The rule "Default allow LAN to any rule" should be enough I assume?
              Let me know if you need an overview of specific settings.

                phil.davis

                Did you get this working?
                With what you describe, this sort of road warrior config "just works". "Default allow LAN to any rule" is fine.
                If you have any policy-routing rules on LAN that push traffic into a particular gateway then that can interfere with the ordinary routing back to the OpenVPN client.
                Do packet captures on OpenVPN and LAN to see where packets actually get to.

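Added example, not part of the thread or of pfSense: a small model of the return-path check the replies describe, showing where a LAN host such as the NAS sends its reply to an OpenVPN client depending on its routing table. The subnets are the ones from the thread; the addresses 192.168.2.1, 192.168.2.254 and 10.0.8.6 and all routing tables are assumptions made for illustration.

```python
import ipaddress

# Subnets are from the thread; the host addresses below are assumed for illustration.
PFSENSE_LAN = ipaddress.ip_address("192.168.2.1")  # assumed pfSense LAN address
VPN_CLIENT = ipaddress.ip_address("10.0.8.6")      # assumed client in 10.0.8.0/24

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None = on-link.
    Returns None (no route), "on-link", or the gateway as an IPv4Address."""
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    return "on-link" if best[1] is None else ipaddress.ip_address(best[1])

def reply_path(routes, client=VPN_CLIENT, firewall=PFSENSE_LAN):
    """Where does this LAN host send its reply to the VPN client?"""
    hop = next_hop(routes, client)
    if hop is None:
        return "dropped: no route to the tunnel subnet"
    if hop == "on-link":
        return "dropped: host treats the tunnel subnet as local"
    if hop == firewall:
        return "ok: reply returns via pfSense"
    return f"lost: reply goes to {hop}, not pfSense"

# Constructed routing tables for a LAN host such as the NAS.
HOSTS = {
    "no default gateway": [("192.168.2.0/24", None)],
    "gateway is another router": [("192.168.2.0/24", None),
                                  ("0.0.0.0/0", "192.168.2.254")],
    "gateway is pfSense": [("192.168.2.0/24", None),
                           ("0.0.0.0/0", "192.168.2.1")],
    "other router plus static route": [("192.168.2.0/24", None),
                                       ("0.0.0.0/0", "192.168.2.254"),
                                       ("10.0.8.0/24", "192.168.2.1")],
}

def check_all(hosts=HOSTS):
    return {name: reply_path(routes) for name, routes in hosts.items()}

if __name__ == "__main__":
    for name, verdict in check_all().items():
        print(f"{name:32} {verdict}")
```

Any verdict other than "ok" matches the symptom in the thread: the request reaches the LAN host, but the reply never gets back into the tunnel, which is what packet captures on the OpenVPN and LAN interfaces would confirm.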
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.