Netgate Discussion Forum

    OpenVPN's remote clients don't reach LAN resources

      ega

      Hi fellows,

      I apologize for any mistakes, English isn't my native language.

      I'm trying to run an OpenVPN server RoadWarrior, I'm running pfSense 2.1.3 i386.
      I cannot see where I have the issue. I'll describe the situation:

      Authentication: It's OK, I can connect remotely over the internet with the Mac OS X Tunnelblick client.

      But… I can't access the LAN resources (shared folders on LAN devices running Windows).

      From the remote client, when I ping, I get a response from pfSense's LAN address, but I don't get an answer from the LAN device.

      In the same way, I pinged from pfSense's Diagnostics>Ping, changing "source" to LAN and OpenVPN Server; here are the results:

                                              Hosts
      Source                                  pfSense's LAN (192.168.2.2)   LAN Device (192.168.2.10)
      LAN (on Diagnostics>Ping)               -                             OK
      OpenVPN (on Diagnostics>Ping)           OK                            FAIL
      Remote Client (connected by openvpn)    OK                            FAIL

      I've attached some images of my configuration and tests; if you need additional information, please let me know.

      Thanks in advance
      Interfaces.gif
      TunnelSettings.gif
      ping_openvpnserver_lanpfsenseOK.gif
      ping_lanpfsense_lanhostOK.gif
      ping_openvpnserver_lanhostFAIL.gif
      Firewall_Rules_OpenVPN.gif
      Diagnostics_Routes.gif

      If you share money, half remains; if you share knowledge, it doubles.

        heper

        hi,

        things to check:

        • "play" button in front of firewall rule on openvpn-tab should be green. Gray means disabled

        • is the pfsense filled in as gateway on the lan-client?

          ega

          Hi, thanks for your answer

          1.- The "Play" button is green; when I generated the GIF I only assigned 8 colors, that's why it looks gray, but I checked on pfSense and it is green (I have not made changes, just looked at it).

          2.- Yes, pfSense is the gateway on the LAN clients, assigned by itself (pfSense) via DHCP.

            ega

            Ok, I've checked that the client machine doesn't have a firewall.

            In the same way, I've tried to access from a Windows machine, and didn't get it.

            I'm thinking (after reading other posts about other problems) that it could be an issue with the 2.1.3 installation (I did a clean installation); maybe it doesn't fail when upgrading, but does in clean installations. In order to check that, I'm thinking of installing a previous version, configuring OpenVPN and, once it's running, updating to version 2.1.3.

            Any other suggestions?

            Thanks in advance

              heper

              there are no routing issues with 2.1.3 in regards to openvpn. i run them on a dozen sites without issues.

              it is almost certainly a configuration problem. additional screenshots will help: firewall rules / ovpn config / routes / packet captures / …

                ega

                Thanks for your answer.

                I mentioned the issue because of what I read in other posts; in those comments there are things like "open interface (ovpn server) and click save on that screen", and this screen doesn't come with this installation.

                You say that you have a dozen sites running; were some of them clean installations, or were all of them updated?

                Here is the OpenVPN config screen

                Here are the routes on the client

                Routing tables
                
                Internet:
                Destination        Gateway            Flags        Refs      Use   Netif Expire
                default            dd-wrt             UGSc           38        0     en1
                10/24              10.0.0.5           UGSc            1        0    tun0
                10.0.0.5           10.0.0.6           UH              3        0    tun0
                10.37.129/24       link#8             UC              3        0   vnic1
                10.37.129.2        0:1c:42:0:0:9      UHLWI           1      542     lo0
                10.37.129.255      link#8             UHLWbI          1        2   vnic1
                10.211.55/24       link#7             UC              3        0   vnic0
                10.211.55.2        0:1c:42:0:0:8      UHLWI           0        2     lo0
                10.211.55.255      link#7             UHLWbI          1        2   vnic0
                127                localhost          UCS             0        0     lo0
                localhost          localhost          UH              6     5551     lo0
                169.254            link#5             UCS             0        0     en1
                192.168.1          link#5             UCS             4        0     en1
                dd-wrt             0:40:77:bb:55:10   UHLWI          42      340     en1   1176
                movil-josegil      0:1a:73:cb:9c:e3   UHLWI           0      105     en1   1193
                macbook-ega        localhost          UHS             0        1     lo0
                192.168.1.255      link#5             UHLWbI          3       39     en1
                192.168.2          10.0.0.5           UGSc            0        0    tun0
                
                

                Thanks

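Added example, not part of the original posts: a longest-prefix lookup over the client routing table posted above, to check which gateway and interface the client would use for the LAN device 192.168.2.10. The names `expand` and `lookup` are hypothetical, and the handling of abbreviated destinations (no mask shown means the classful mask) is an assumption about the BSD-style `netstat` display.

```python
import ipaddress

# Rows copied from the client routing table posted above (hostname rows omitted).
# Columns: Destination Gateway Flags Refs Use Netif
POSTED_ROUTES = """\
default            dd-wrt             UGSc           38        0     en1
10/24              10.0.0.5           UGSc            1        0    tun0
10.0.0.5           10.0.0.6           UH              3        0    tun0
10.37.129/24       link#8             UC              3        0   vnic1
10.211.55/24       link#7             UC              3        0   vnic0
127                localhost          UCS             0        0     lo0
169.254            link#5             UCS             0        0     en1
192.168.1          link#5             UCS             4        0     en1
192.168.2          10.0.0.5           UGSc            0        0    tun0
"""

def expand(dest, flags):
    """Turn an abbreviated destination into an ip_network; None for hostnames."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    if not all(o.isdigit() for o in octets):
        return None  # resolved hostname: the address is not shown in the table
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    first = int(octets[0])
    if bits:
        prefix = int(bits)
    elif "H" in flags:
        prefix = 32  # host route
    else:
        # Assumption: a destination shown without a mask uses the classful mask.
        prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{padded}/{prefix}")

def lookup(table, target):
    """Longest-prefix match; returns (network, gateway, netif) or None."""
    ip = ipaddress.ip_address(target)
    best = None
    for line in table.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        net = expand(f[0], f[2])
        if net and ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, f[1], f[5])
    return best

if __name__ == "__main__":
    for host in ("192.168.2.10", "192.168.2.2", "192.168.1.50"):
        print(host, "->", lookup(POSTED_ROUTES, host))
```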
                  heper

                  most of my installations have been updated from 2.0-Beta -> 2.0.1 -> 2.0.3 -> 2.1 -> 2.1.1 -> 2.1.2 -> 2.1.3

                  as far as i can tell, there is nothing wrong with your openvpn configuration.
                  for testing you could add a firewall rule on top of the openvpn-tab: PASS, PROTO:all, source:any , dest: some-lan-client-address, logging:on

                  see in logs, if it shows up when you try to ping the client … if it does, then i'd say it's a client issue. If not, then only packet-captures could help to explain what is happening
