OpenVPN clients can't reach LAN computers not using pfSense as gateway
-
I just took over IT for a company and I'm in the process of upgrading hardware and moving over to pfSense and OpenVPN. My issue is as follows:
I have a few computers on my LAN that are not using pfSense as their gateway, and I cannot reach these machines from a VPN client. (At this point I have to route them out a different gateway for everything to function properly.)
I am running the latest build of pfSense 2.1
Setup:
LAN: 10.0.1.0/24
OpenVPN: 10.0.10.0/24
pfSense Gateway: 10.0.1.1
Other Gateway: 10.0.1.3
LAN Computers:
Computer 1: I can reach this machine no problem from the OpenVPN clients
10.0.1.2 - gateway 10.0.1.1
Computer 2: I CANNOT hit this machine from any OpenVPN clients
10.0.1.47 - gateway 10.0.1.3
I'm using the push "10.0.1.0 255.255.255.0" option in my VPN config.
A tracert from the vpn client machine reveals that it's routing to the pfSense router (10.0.10.1 for my VPN Tunnel network) but is not going any further.
I can ping Computer 2 from pfSense with no issues.
Changing Computer 2's gateway over to 10.0.1.1 allows me to reach it from the VPN clients, but as I stated above this screws up some other things (Computer 2 is actually a phone server routed out a dedicated T1 line to my SIP trunk provider)
I've tried playing w/ some static routes, but I must be missing something as I've been unable to make this work.
Any suggestions would be greatly appreciated!
-
The gateway the phone server is using (10.0.1.3) needs a route back to 10.0.10.0/24 via 10.0.1.1
If you don't have access, ask the phone vendor to add the static route.
-
Of course! I knew I was missing something simple.
That worked perfectly. Thank you!!!!
On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?
-
On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?
And some words of explanation - OpenVPN can split the tunnel network into /30 pieces. The server looks like it is talking on .1, the first client gets .6 and thinks it is talking back to server on .5 - next one uses .10 back to .9 and so on. The OpenVPN server handles all that internally.
-
Thank you all!!! I really appreciate the help!
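
The missing return route discussed in this thread, as an added example that is not part of any post: a small model of each host's routing table that follows the reply from a LAN machine back to a VPN client, before and after the static route is added on 10.0.1.3. The labels `openvpn-tunnel` and `t1-uplink` and the simplified tables are assumptions; the addresses come from the thread.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def reply_path(tables, src, dst, max_hops=8):
    """Follow a reply from src toward dst, one routing decision per hop."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path + ["no-route"]
        if hop == "direct":            # destination is on-link
            return path + [dst]
        path.append(hop)
        if hop not in tables:          # left the modelled LAN (tunnel or uplink)
            return path
        node = hop
    return path + ["loop"]

def build_tables(return_route_on_other_gw):
    """Constructed routing tables for the hosts named in the thread."""
    lan = ("10.0.1.0/24", "direct")
    tables = {
        "10.0.1.2":  [lan, ("0.0.0.0/0", "10.0.1.1")],   # Computer 1
        "10.0.1.47": [lan, ("0.0.0.0/0", "10.0.1.3")],   # Computer 2 (phone server)
        "10.0.1.1":  [lan, ("10.0.10.0/24", "openvpn-tunnel")],  # pfSense
        "10.0.1.3":  [lan, ("0.0.0.0/0", "t1-uplink")],  # other gateway
    }
    if return_route_on_other_gw:
        # The fix from the thread: 10.0.10.0/24 via 10.0.1.1 on the other gateway
        tables["10.0.1.3"].append(("10.0.10.0/24", "10.0.1.1"))
    return tables

VPN_CLIENT = "10.0.10.6"  # first client address in the /30 scheme described above

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build_tables(fixed)
        for host in ("10.0.1.2", "10.0.1.47"):
            path = reply_path(tables, host, VPN_CLIENT)
            print(f"return route={fixed!s:5} {' -> '.join(path)}")
```

Without the route, the reply from 10.0.1.47 leaves via the T1 uplink and never reaches the tunnel, which is why pfSense itself could ping the phone server while VPN clients could not.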