Can't reach the office



  • Hi,

    I'm using pfSense as my home gateway/router. Using OpenVPN, I have set up a link to my office, which seems to be working partially.

    In the OpenVPN connection log I can see that: "Initialization Sequence Completed". When I look at "Diagnostics | Routes", I can see all my office networks. And when I ping an office IP from "Diagnostics | Ping", everything looks good too.

    But now I want to access the office network from my home network and expected pfSense to route all traffic meant for the office network through the OpenVPN tunnel. However, when I ping that office IP from a LAN PC I get a "Request timed out" error instead. What do I need to do to make this work?

    Thanks!
    Jan



  • Do you have firewall rules in place to allow your LAN to go to "remote office"?



  • Thanks for your reply Heper, and I guess you're exactly hitting my weak spot with that question. Routing and firewalls are still quite an obscure field for me, which I feel I have not enough knowledge about. However, the best way to gain that knowledge is by just doing it, right? :)

    Under firewall I haven't made many alterations from the defaults:

    • I have made a few inbound NAT rules so that I can reach my server from the public internet.

    • Outbound rules have also been changed a bit. According to what I found on the internet, you need to change the outbound rules settings to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)" if you use the OpenVPN client. So that's what I did. I didn't add new rules, so the only ones there are the auto created rules for "ISAKMP - LAN to WAN", "LAN to WAN", "localhost to WAN".

    • Firewall rules haven't been touched at all, but I can see my inbound NAT ports there under WAN and under LAN it shows the anti-lockout rules and the "Default allow LAN to any rule" for both ipv4 and v6.

    • According to what I found on the internet I had to add a rule under OpenVPN. I have added this rule, which would allow any traffic to go through the OpenVPN interface. I.e.: everything is set to its default/any, except the interface, which is set to OpenVPN.

    Btw, I may be wrong here, but I would also have expected that if traffic was blocked, it would show up under "Status: System logs: Firewall", but I see no activity there when I try to ping through the OpenVPN port.

    Thanks for helping guys, really appreciate it!



  • Found it!!!

    Obviously, the office doesn't route my home LAN addresses. So I have to use outbound NAT with the IP address assigned to me.
    Once I had created a NAT outbound rule for interface OpenVPN, that NATs all my LAN traffic over the "Interface address", things started working like a charm. Nice, happy camper! :)

    Cheers,
    Jan
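
The return-path problem described in the last post, as an added example that is not part of the thread: a small model of which source address the office sees and whether it has a route back to it. All addresses are constructed, and the assumption that the office only routes the tunnel pool is taken from the poster's own diagnosis.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
TUNNEL_ADDR = ipaddress.ip_address("10.8.0.6")  # address the office assigned to the OpenVPN client
# Prefixes the office side can route back into the tunnel (assumed: tunnel pool only).
OFFICE_RETURN_ROUTES = [ipaddress.ip_network("10.8.0.0/24")]


def source_on_tunnel(src, nat_rules):
    """Source address a packet carries once it leaves via the OpenVPN interface.

    nat_rules lists the source networks that are translated to the interface
    address, mirroring an outbound NAT rule on interface OpenVPN.
    """
    src = ipaddress.ip_address(src)
    if any(src in net for net in nat_rules):
        return TUNNEL_ADDR
    return src


def office_can_reply(src_seen_by_office):
    """True if the office has a route for the source address it sees."""
    return any(src_seen_by_office in net for net in OFFICE_RETURN_ROUTES)


def ping_succeeds(src, nat_rules):
    """The request always reaches the office; only the reply path can fail."""
    return office_can_reply(source_on_tunnel(src, nat_rules))


if __name__ == "__main__":
    cases = [
        ("ping from pfSense itself, no NAT rule", str(TUNNEL_ADDR), []),
        ("ping from LAN PC, no NAT rule", "192.168.1.50", []),
        ("ping from LAN PC, LAN NATed to interface address", "192.168.1.50", [HOME_LAN]),
    ]
    for label, src, rules in cases:
        seen = source_on_tunnel(src, rules)
        result = "reply returns" if ping_succeeds(src, rules) else "request timed out"
        print(f"{label}: office sees {seen}: {result}")
```

In the failing case nothing is blocked on the pfSense side, which is consistent with the empty firewall log mentioned earlier in the thread: the echo request leaves the tunnel and the reply never finds its way back.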