Netgate Discussion Forum

    Subnet access over OpenVPN

      ZGruk

      Attached is a diagram showing my current network.
      Client-to-client communication is enabled on the OpenVPN server, and pings go both directions between pfSense (10.8.0.6) and the WWW computer (10.8.0.10) as well as back and forth to the server. Just to be clear, the OpenVPN server is a Linux server running Ubuntu.

      What I'd like is for the WWW computer to be able to access, at minimum, file shares on computers or NAS behind pfSense (in the "other computers"). Ideally it'd be able to do anything that one of those could, like print to network printers, etc.

      What do I need to do to get this to work? I know I need to modify the routing tables on one or more of the devices, but I'm not sure which ones, or what exact modifications need to be made.

      I'm running pfSense 2.0, if it makes a difference.
      ![Screenshot from 2014-05-14 14:12:00.png](/public/imported_attachments/1/Screenshot from 2014-05-14 14:12:00.png)

        viragomann

        Why don't you run an OpenVPN server on the pfSense machine? Then you could configure the route in the server settings, and you would have access to the network behind it by establishing only this one connection.

        However, if you can reach the other VPN client it will also work as you want, but with a manually set route.
        You have to add a route on your WWW computer for the network 10.14.2.x to go over the pfSense's OVPN client IP (10.8.0.6 in your example).
        But if the client IP changes, the route has to be adjusted.

          ZGruk

          The pfSense machine is behind a NAT that I don't control, as well as a dynamic IP, which is why I can't use it as the server.

          The WWW computer is also running Ubuntu, so I've tried adding the route with the following command:

          route add -net 10.14.2.0 netmask 255.255.255.0 gw 10.8.0.6 dev tun0
          

          Which should tell it to use 10.8.0.6 as the gateway for the 10.14.2.0 subnet (over the VPN tunnel interface)
          but I get the error:

          SIOCADDRT: Network is unreachable
          

          which I don't understand, since obviously, it's unreachable without using that gateway, which is why I'm adding it...

            viragomann

            SIOCADDRT: Network is unreachable
            

            I assume your VPN server allocates a /30 net to each client. Take a look at ifconfig.

            One solution could be to change the VPN server config to supply one common subnet to all clients.
            The other solution, which I think could work, is to change your route to use your VPN gateway, presumably 10.8.0.9 (ifconfig will tell you). However, you can also use push route on the VPN server for this, but only for the WWW computer, not for pfSense!
            Additionally, set up a further route at your VPN server with 10.8.0.6.

              cmb

              Don't try to manually add routes for OpenVPN clients or servers like that; put them in its conf file.

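
The advice in the last post, written out as an added example (not part of the original thread and not any poster's actual configuration): the same routes expressed with OpenVPN's own `route`, `iroute` and `push` directives. The subnets are the ones given in the thread; the `ccd` directory name and the two per-client file names are placeholders, since the thread does not give the clients' certificate Common Names.

```conf
# --- server config file on the Ubuntu OpenVPN server (additions only) ---

# Already enabled according to the first post: the server forwards
# packets between connected clients.
client-to-client

# Directory holding one file per client, each named after that client's
# certificate Common Name. The directory name "ccd" is an assumption.
client-config-dir ccd

# Kernel route on the server host, so the server itself sends traffic
# for the LAN behind pfSense into the tunnel.
route 10.14.2.0 255.255.255.0

# --- ccd/PFSENSE_CLIENT_CN  (placeholder file name) ---

# Internal OpenVPN route: tells the server that 10.14.2.0/24 sits behind
# this particular client, whatever tunnel address it currently holds.
iroute 10.14.2.0 255.255.255.0

# --- ccd/WWW_CLIENT_CN  (placeholder file name) ---

# Pushed only to the WWW computer, not to pfSense. The client installs
# the route through its own tunnel gateway when it connects and removes
# it when it disconnects, so no manual "route add" is needed.
push "route 10.14.2.0 255.255.255.0"
```

Because the `iroute` is tied to the client's certificate name rather than to 10.8.0.6, it keeps working if the pfSense client's tunnel address changes. pfSense still has to permit the traffic arriving over its OpenVPN interface; restricting those rules to the WWW computer's tunnel address and the file-share and printing services mentioned in the first post keeps the LAN's exposure to other VPN clients narrow.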