Netgate Discussion Forum
    Remote access thru LAN interface via OpenVPN

      vhtan00

      Greetings,

      I am new to the pfSense and OpenVPN world. So if there is already an answer to my question below, please send me the link. I am creating a secondary connection just in case my primary VPN solution fails. Here is what I did on the pfSense server. I created an external interface with the IP for my DMZ. On my internal interface, I have it attached to my mgmt network.

      My goal is to VPN directly (from remotely) to the pfSense server via the WAN interface. Once the VPN is established, I want to have the ability to RDP directly to my host on the mgmt network. I followed the instructions from https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/. I am able to establish the VPN connection successfully, but I am not able to ping the host on the LAN interface. For the VPN network, I defined 10.0.8.0/24 (as in the example). My LAN interface is 172.21.9.0/24.

      When my win7 client connects successfully, it gets the IP address of 10.0.8.6.  Logically (as a firewall administrator), when I ping 172.21.9.100, I would think it should get routed via the VPN tunnel.  It should then hop thru my LAN interface, and forward it over to 172.21.9.100 via arp.  To make sure 172.21.9.100 knows how to send the icmp reply back properly, I will have to create a NAT (using my LAN interface) from source Net of 10.0.8.0/24.

      However, when I do a netstat -rn on my win7, I do not see a specific route for 172.21.9.0/24. As such, when I do a tracert to 172.21.9.100 from my win7 client, it takes the default route as stated in the routing table. Pinging 172.21.9.100 from the established VPN win7, I get timed out.

      I think this has something to do with the VPN server configuration under tunnel settings, or adding the route somewhere else so it gets pushed to the VPN client so that it is aware of routing 172.21.9.0/100 thru the established VPN interface.

      Your help is much appreciated…

      Thank you.

      Vincent

        divsys

        Can you post a screenshot of what your OpenVPN server config looks like?

        -jfp

          vhtan00

          divsys,

          Attached is the screenshot on the client settings session of the OpenVPN server…

          Vincent

          ![vpn server.jpg](/public/imported_attachments/1/vpn server.jpg)

            divsys

            What version of pfSense are you running?

            Any reason not to upgrade to 2.1.4?

            -jfp

              vhtan00

              jfp,

              I am running 2.1.4.

              Vincent

                divsys

                Your screenshot doesn't show the upper portion of the OpenVPN page. What mode is the OpenVPN server using (should be in the top line of the OpenVPN server config screen)? Can you post the upper two sections of the OpenVPN server config, "General Information" and "Cryptographic Settings"?

                What's interesting is that I don't see any lines in your screenshot for the Local and/or Remote IPv4 networks in the config, which would make it difficult for the connection to route any traffic.

                Did you use the OpenVPN wizard to create the OpenVPN server?

                -jfp
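
The symptom described in this thread (no 172.21.9.0/24 entry in the client's `netstat -rn`, so traffic to 172.21.9.100 follows the default route) can be checked mechanically with a longest-prefix match over the client's routing table. This is an added example, not part of the thread: the routing rows are constructed, only 10.0.8.6, 172.21.9.0/24 and 172.21.9.100 come from the posts, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: IPv4 rows as `netstat -rn` prints them on the Windows client.
# 10.0.8.6 and 172.21.9.0/24 come from the thread; every other address is made up.
ROUTES_AS_POSTED = """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     20
         10.0.8.4  255.255.255.252         On-link         10.0.8.6    286
         10.0.8.6  255.255.255.255         On-link         10.0.8.6    286
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    276
"""
# Hypothetical row the client would show once the server pushes the LAN route.
PUSHED_ROW = "       172.21.9.0    255.255.255.0         10.0.8.5         10.0.8.6     30\n"


def parse_routes(text):
    """Return [(network, gateway, interface, metric)] from route-table rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not an IPv4 route row
    return routes


def select_route(routes, target):
    """Longest-prefix match; lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))


def leaves_via_tunnel(route_text, target, tunnel_ip="10.0.8.6"):
    """True if traffic to target is sent out the interface holding tunnel_ip."""
    chosen = select_route(parse_routes(route_text), target)
    return chosen is not None and chosen[2] == tunnel_ip


if __name__ == "__main__":
    for label, table in (("as posted", ROUTES_AS_POSTED),
                         ("with pushed route", ROUTES_AS_POSTED + PUSHED_ROW)):
        print(label, leaves_via_tunnel(table, "172.21.9.100"))
```
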
