4. OpenVPN clients can't reach LAN computers not using pfSense as gateway

OpenVPN clients can't reach LAN computers not using pfSense as gateway

  • R

    I just took over IT for a company and I'm in the process of upgrading hardware and moving over to pfSense and OpenVPN.  My issue is as follows:

    I have a few computers on my LAN that are not using pfSense as their gateway, and I cannot reach these machines from a VPN client. (at this point I have to rout them out a different gateway for everything to function properly)

    I am running the latest build of pfSense 2.1

    Setup:
    LAN: 10.0.1.0/24
    OpenVPN: 10.0.10.0/24

    pfSense Gateway: 10.0.1.1
    Other Gateway: 10.0.1.3

    LAN Computers:
    Computer 1: I can reach this machine no problem from the OpenVPN clients
        10.0.1.2 - gateway 10.0.1.1

    Computer 2: I CANNOT hit this machine from any OpenVPN clients
        10.0.1.47 - gateway 10.0.1.3

    I'm using the push "10.0.1.0 255.255.255.0" option in my VPN config.

    A tracert from the vpn client machine reveals that it's routing to the pfSense router (10.0.10.1 for my VPN Tunnel network) but is not going any further.

    I can ping Computer 2 from pfSense with no issues.

    Changing Computer 2's gateway over to 10.0.1.1 allows me to reach it from the VPN clients, but as I stated above this screws up some other things (Computer 2 is actually a phone server routed out a dedicated T1 line to my SIP trunk provider)

    I've tried playing w/ some static routes, but I must be missing something as I've been unable to make this work.

    Any suggestions would be greatly appreciated!

    0

  • The gateway the phone server is using (10.0.1.3) needs a route back to 10.0.10.0/24 via 10.0.1.1
    If you don't have access, ask the phone vendor to add the static route.

    0
  • R

    Of course!  I knew I was missing something simple.

    That worked perfectly.  Thank you!!!!

    On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

    0
  • D
    Banned

    @rickbharper:

    On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

    0
  • P

    On a side note, do you have any idea why my VPN Clients are getting a 255.255.255.252 subnet mask when I have openVPN set to use 10.0.10.0/24 as the tunnel network?

    And some words of explanation - OpenVPN can split the tunnel network into /30 pieces. The server looks like It is talking on .1, the first client gets .6 and thinks it is talking back to server on .5 - next one uses .10 back to .9 and so on. The OpenVPN server handles all that internally.

    0
  • R

    Thank you all!!!  I really appreciate the help!

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy