From 1.2.3 to 2.1.2 - no LAN access for VPN Clients



  • Hello,

    We have used version 1.2.3 for 4 years and now want to upgrade to 2.1.2.
    I tested it on a new machine with a fresh install. But I can't get it to work…

    The WAN and LAN connections are OK. Now I set up a PPTP server with the same config as the old running pfsense.
    From the home office I connect to the pfsense and it runs. But now I can't access any server/client on the pfsense side. I forgot to set the "ALL" rule for PPTP in the firewall. OK, now I can ping and access the pfsense, but that is all, not any other running server in the same LAN.

    Same problem with OpenVPN, IPSec, L2P.

    Tested with 32 and 64 bit.

    ???



  • Do you have policy-routing rules? (i.e. rules that specify a gateway)
    The behavior of those has changed. In older versions, extra pass rules were automatically put in to allow "local" traffic to be passed to the normal routing table. Now in newer versions (2.1 and later), policy-routing rules do as they say: if you policy-route everything, then everything goes out the specified gateway. Often this is the reason for simple "local routing" to stop working on an upgrade like this.
    Add rule/s before the policy-routing rules to pass traffic between "local" subnets, with no gateway specified.
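
The rule ordering described in the reply above, sketched in raw pf syntax as an added example (it is not part of the thread and not a rule set generated by pfSense). The interface names, the gateway address and both subnets are constructed placeholders.

```pf
# Constructed placeholder values, not taken from the thread.
lan_if  = "em1"             # LAN interface
wan_if  = "em0"             # WAN interface
wan_gw  = "203.0.113.1"     # gateway used by the policy-routing rule
lan_net = "192.168.1.0/24"  # LAN subnet
vpn_net = "192.168.2.0/24"  # subnet handed out to VPN clients

# Before: a single policy-routing rule. With "quick" the first match wins,
# so every packet from the LAN, including packets addressed to the VPN
# client subnet, is forced out via the WAN gateway.
#
#   pass in quick on $lan_if route-to ($wan_if $wan_gw) inet \
#       from $lan_net to any keep state

# After: a pass rule with no gateway is placed first. Traffic between the
# "local" subnets matches it and is handled by the normal routing table.
pass in quick on $lan_if inet from $lan_net to $vpn_net keep state

# Everything else from the LAN still follows the policy route.
pass in quick on $lan_if route-to ($wan_if $wan_gw) inet \
    from $lan_net to any keep state
```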



  • Thanks for your answer!

    Where must I set the extra policy-routing (NAT?) rule, and with which configuration?

    Now I have a fresh pfsense with only PPTP settings, and a rule for the traffic:
    IPv4* * * * * * none  All Rule

    I can't make a rule with no gateway, because the dropbox says default, or the IP from WAN.

    I looked in my 1.2.3 pf and there are the same rules.






  • From the local net I can ping the PPTP client on the other side. I can remote control the PPTP client with tightvnc.

    On the PPTP client "Homeoffice" side I can only reach the pfSense IP.



  • Does anyone have any ideas which rules I must set for LAN traffic?