OpenVPN clients can't reach LAN computers not using pfSense as gateway



  • I just took over IT for a company and I'm in the process of upgrading hardware and moving over to pfSense and OpenVPN.  My issue is as follows:

I have a few computers on my LAN that are not using pfSense as their gateway, and I cannot reach these machines from a VPN client. (At this point I have to route them out a different gateway for everything to function properly.)

    I am running the latest build of pfSense 2.1

    Setup:
    LAN: 10.0.1.0/24
    OpenVPN: 10.0.10.0/24

    pfSense Gateway: 10.0.1.1
    Other Gateway: 10.0.1.3

    LAN Computers:
    Computer 1: I can reach this machine no problem from the OpenVPN clients
        10.0.1.2 - gateway 10.0.1.1

    Computer 2: I CANNOT hit this machine from any OpenVPN clients
        10.0.1.47 - gateway 10.0.1.3

    I'm using the push "10.0.1.0 255.255.255.0" option in my VPN config.

    A tracert from the vpn client machine reveals that it's routing to the pfSense router (10.0.10.1 for my VPN Tunnel network) but is not going any further.

    I can ping Computer 2 from pfSense with no issues.

    Changing Computer 2's gateway over to 10.0.1.1 allows me to reach it from the VPN clients, but as I stated above this screws up some other things (Computer 2 is actually a phone server routed out a dedicated T1 line to my SIP trunk provider)

    I've tried playing w/ some static routes, but I must be missing something as I've been unable to make this work.

    Any suggestions would be greatly appreciated!



  • The gateway the phone server is using (10.0.1.3) needs a route back to 10.0.10.0/24 via 10.0.1.1
    If you don't have access, ask the phone vendor to add the static route.
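To make the asymmetric-routing problem in this reply concrete, here is an added simulation (not code from the thread or from pfSense) that walks a request and its reply through the routing tables of the hosts named above. The tunnel is modelled as a flat 10.0.10.0/24 and 198.51.100.0/30 is a constructed stand-in for the T1 link; both are assumptions.

```python
from ipaddress import ip_address, ip_network

LAN, VPN, ANY = ip_network("10.0.1.0/24"), ip_network("10.0.10.0/24"), ip_network("0.0.0.0/0")

def lookup(routes, dst):
    """Longest-prefix match over [(network, next_hop)]; next_hop None = directly connected."""
    best = None
    for net, hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def forward(nodes, start, dst, max_hops=8):
    """Walk a packet from node 'start' towards 'dst'. Returns (path, status); status is
    'delivered', 'no-route', 'left-network' (next hop is outside the model, i.e. the
    packet went out the T1 instead of back to the VPN) or 'loop'."""
    dst = ip_address(dst)
    owner = {ip_address(a): n for n, d in nodes.items() for a in d["addrs"]}
    path, cur = [start], start
    for _ in range(max_hops):
        if owner.get(dst) == cur:
            return path, "delivered"
        match = lookup(nodes[cur]["routes"], dst)
        if match is None:
            return path, "no-route"
        nxt = dst if match[1] is None else ip_address(match[1])
        if nxt not in owner:
            return path, "left-network"
        cur = owner[nxt]
        path.append(cur)
    return path, "loop"

def topology(return_route):
    """Hosts from the thread; 198.51.100.x is a constructed placeholder for the T1 side."""
    other_gw_routes = [(LAN, None), (ANY, "198.51.100.1")]
    if return_route:  # the static route suggested in the reply above
        other_gw_routes.append((VPN, "10.0.1.1"))
    return {
        "vpn_client":   {"addrs": ["10.0.10.6"], "routes": [(VPN, None), (LAN, "10.0.10.1")]},
        "pfsense":      {"addrs": ["10.0.1.1", "10.0.10.1"], "routes": [(LAN, None), (VPN, None)]},
        "phone_server": {"addrs": ["10.0.1.47"], "routes": [(LAN, None), (ANY, "10.0.1.3")]},
        "other_gw":     {"addrs": ["10.0.1.3", "198.51.100.2"], "routes": other_gw_routes},
    }

def round_trip(return_route):
    """Status of the request (VPN client -> phone server) and of the reply."""
    nodes = topology(return_route)
    return forward(nodes, "vpn_client", "10.0.1.47"), forward(nodes, "phone_server", "10.0.10.6")

if __name__ == "__main__":
    for fixed in (False, True):
        print("return route on 10.0.1.3:", fixed, round_trip(fixed))
```

The request is delivered either way, which is why pfSense itself can ping the server; only the reply path changes once 10.0.1.3 knows about 10.0.10.0/24.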



  • Of course!  I knew I was missing something simple.

    That worked perfectly.  Thank you!!!!

    On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?



  • On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

    And some words of explanation - OpenVPN can split the tunnel network into /30 pieces. The server looks like it is talking on .1; the first client gets .6 and thinks it is talking back to the server on .5, the next one uses .10 back to .9, and so on. The OpenVPN server handles all that internally.



  • Thank you all!!!  I really appreciate the help!

