OpenVPN clients can't reach LAN computers not using pfSense as gateway

rickbharper

I just took over IT for a company and I'm in the process of upgrading hardware and moving over to pfSense and OpenVPN.  My issue is as follows:

I have a few computers on my LAN that are not using pfSense as their gateway, and I cannot reach these machines from a VPN client. (at this point I have to rout them out a different gateway for everything to function properly)

I am running the latest build of pfSense 2.1

Setup:
LAN: 10.0.1.0/24
OpenVPN: 10.0.10.0/24

pfSense Gateway: 10.0.1.1
Other Gateway: 10.0.1.3

LAN Computers:
Computer 1: I can reach this machine no problem from the OpenVPN clients
    10.0.1.2 - gateway 10.0.1.1

Computer 2: I CANNOT hit this machine from any OpenVPN clients
    10.0.1.47 - gateway 10.0.1.3

I'm using the push "10.0.1.0 255.255.255.0" option in my VPN config.

A tracert from the vpn client machine reveals that it's routing to the pfSense router (10.0.10.1 for my VPN Tunnel network) but is not going any further.

I can ping Computer 2 from pfSense with no issues.

Changing Computer 2's gateway over to 10.0.1.1 allows me to reach it from the VPN clients, but as I stated above this screws up some other things (Computer 2 is actually a phone server routed out a dedicated T1 line to my SIP trunk provider)

I've tried playing w/ some static routes, but I must be missing something as I've been unable to make this work.

Any suggestions would be greatly appreciated!

dotdash

The gateway the phone server is using (10.0.1.3) needs a route back to 10.0.10.0/24 via 10.0.1.1
If you don't have access, ask the phone vendor to add the static route.

rickbharper

Of course!  I knew I was missing something simple.

That worked perfectly.  Thank you!!!!

On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

doktornotor

@rickbharper:

On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

phil.davis

On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

And some words of explanation - OpenVPN can split the tunnel network into /30 pieces. The server looks like It is talking on .1, the first client gets .6 and thinks it is talking back to server on .5 - next one uses .10 back to .9 and so on. The OpenVPN server handles all that internally.

rickbharper

Thank you all!!!  I really appreciate the help!