Remote access thru LAN interface via OpenVPN



  • Greetings,

    I am new to the pfSense and OpenVPN world. So if there is already an answer to my question below, please send me the link. I am creating a secondary connection just in case my primary VPN solution fails. Here is what I did on the pfSense server. I created an external interface with the IP for my DMZ. On my internal interface, I have it attached to my mgmt network.

    My goal is to VPN directly (from remotely) to the pfSense server via the WAN interface. Once the VPN is established, I want to have the ability to RDP directly to my host on the mgmt network. I followed the instructions from https://www.highlnk.com/2013/12/configuring-openvpn-on-pfsense/. I am able to establish the VPN connection successfully, but I am not able to ping the host on the LAN interface. For the VPN network, I defined 10.0.8.0/24 (as in the example). My LAN interface is 172.21.9.0/24.

    When my win7 client connects successfully, it gets the IP address of 10.0.8.6.  Logically (as a firewall administrator), when I ping 172.21.9.100, I would think it should get routed via the VPN tunnel.  It should then hop thru my LAN interface, and forward it over to 172.21.9.100 via arp.  To make sure 172.21.9.100 knows how to send the icmp reply back properly, I will have to create a NAT (using my LAN interface) from source Net of 10.0.8.0/24.

    However, when I do a netstat -rn on my win7, I do not see a specific route for 172.21.9.0/24. As such, when I do a tracert to 172.21.9.100 from my win7 client, it takes the default route as stated in the routing table. Pinging 172.21.9.100 from the established VPN win7, I get timed out.

    I think this has something to do with the VPN server configuration under tunnel settings, or adding the route somewhere else so it gets pushed to the VPN client so that it is aware of routing 172.21.9.0/100 thru the established VPN interface.

    Your help is much appreciated…

    Thank you.

    Vincent



  • Can you post a screenshot of what your OpenVPN server config looks like?



  • divsys,

    Attached is the screen shot on the client settings session of the openvpn server…

    Vincent

    ![vpn server.jpg](/public/imported_attachments/1/vpn server.jpg)



  • What version of pfSense are you running?

    Any reason not to upgrade to 2.1.4?



  • jfp,

    I am running 2.1.4.

    Vincent



    Your screen shot doesn't show the upper portion of the OpenVPN page. What mode is the OpenVPN server using (should be in the top line of the OpenVPN server config screen)? Can you post the upper two sections of the OpenVPN server config "General Information" and "Cryptographic Settings"?

    What's interesting is that I don't see any lines in your screenshot for the Local and/or Remote IPv4 networks in the config, which would make it difficult for the connection to route any traffic.

    Did you use the OpenVPN wizard to create the OpenVPN server?
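
The routing symptom discussed in this thread, as an added example that is not part of any poster's message: it models which path a client picks for 172.21.9.100 depending on what the server pushes, and goes slightly beyond the thread by also covering `redirect-gateway def1`. The config fragments are constructed, and it is an assumption here that the pfSense local network field ends up as a `push "route ..."` line in the server config.

```python
import ipaddress
import re

# Constructed server config fragments (not taken from the thread's screenshot).
BASE = 'dev tun\nserver 10.0.8.0 255.255.255.0\n'
WITH_ROUTE = BASE + 'push "route 172.21.9.0 255.255.255.0"\n'
WITH_REDIRECT = BASE + 'push "redirect-gateway def1"\n'

PUSH = re.compile(r'^\s*push\s+"([^"]+)"', re.MULTILINE)

def pushed_networks(conf):
    """Return the networks a client will route into the tunnel."""
    nets = []
    for directive in PUSH.findall(conf):
        words = directive.split()
        if words[0] == "route" and len(words) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        elif words[0] == "redirect-gateway" and "def1" in words[1:]:
            # def1 overrides the default route with two /1 routes.
            nets += [ipaddress.ip_network("0.0.0.0/1"),
                     ipaddress.ip_network("128.0.0.0/1")]
    return nets

def egress(dest, conf):
    """Longest-prefix match over the client's resulting route table."""
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network("0.0.0.0/0"), "default gateway")]
    table += [(net, "vpn tunnel") for net in pushed_networks(conf)]
    best = max((e for e in table if dest in e[0]),
               key=lambda e: e[0].prefixlen)
    return best[1]

if __name__ == "__main__":
    for name, conf in [("no push", BASE), ("push route", WITH_ROUTE),
                       ("redirect-gateway", WITH_REDIRECT)]:
        print(f"{name:17} 172.21.9.100 -> {egress('172.21.9.100', conf)}")
```

With no pushed route the LAN host falls through to the client's default gateway, which matches the tracert behaviour described in the first post.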