    How to access local IPs

    abasel

      I have set up OpenVPN as per https://www.youtube.com/watch?v=VdAHVSTl1ys

      I can connect to the VPN and browse, but I can't access any IPs on the internal network.

      How do I set things up so that I can be routed from my VPN 192.168.5.0 to my normal internal IP range 192.168.10.1?

        viragomann

        The OpenVPN server is handled as an additional interface in pfSense. So you have to go to Firewall > Rules > OpenVPN in GUI and add appropriate rules to allow access you want.

          abasel

           The firewall is fully open... it looks like a routing issue to me.

           [attachment: VPNFW.png]

            marvosa

            Post your server1.conf.

              Guest

              Maybe have a look at "Firewall" -> "NAT" -> "outbound" tab, if there is an autocreated rule for the openVPN server?

                abasel

                No NAT rules

                server1.conf:

                dev ovpns1
                dev-type tun
                tun-ipv6
                dev-node /dev/tun1
                writepid /var/run/openvpn_server1.pid
                #user nobody
                #group nobody
                script-security 3
                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                proto udp
                cipher AES-128-CBC
                up /usr/local/sbin/ovpn-linkup
                down /usr/local/sbin/ovpn-linkdown
                client-connect /usr/local/sbin/openvpn.attributes.sh
                client-disconnect /usr/local/sbin/openvpn.attributes.sh
                # listens on a private (RFC 1918) WAN address, i.e. pfSense sits behind another router
                local 192.168.1.10
                tls-server
                # tunnel subnet handed out to clients
                server 192.168.5.0 255.255.255.0
                client-config-dir /var/etc/openvpn-csc
                username-as-common-name
                auth-user-pass-verify /var/etc/openvpn/server1.php via-env
                tls-verify /var/etc/openvpn/server1.tls-verify.php
                lport 1194
                management /var/etc/openvpn/server1.sock unix
                max-clients 10
                # route to the LAN that every client must install on connect
                push "route 192.168.10.0 255.255.255.0"
                push "dhcp-option DNS 208.67.222.222"
                push "dhcp-option DNS 208.67.220.220"
                # sends all client traffic through the tunnel (this is why Internet browsing works over the VPN)
                push "redirect-gateway def1"
                ca /var/etc/openvpn/server1.ca
                cert /var/etc/openvpn/server1.cert
                key /var/etc/openvpn/server1.key
                # 1024-bit DH parameters; 2048 bits or more is the usual minimum today
                dh /etc/dh-parameters.1024
                tls-auth /var/etc/openvpn/server1.tls-auth 0
                comp-lzo
                persist-remote-ip
                float

                  italics

                  In your Outbound Nat rule list, has it selected "Automatic" at the top, or manual?

                    abasel

                    Automatic….

                      marvosa

                      A couple things:

                      1.  You are double NATing. Have you checked the settings on the edge device?
                      1a. Personally, I'd move away from double NATing; it's just one more link in the chain that you need to troubleshoot. Or at least get off the 192.168.1.x subnet; it's just going to cause issues down the road.

                      2.  It appears you do not have a "Peer Certificate Authority" configured.  You will want to add that.

                      3.  Add an any/any rule to the openvpn tab.  This appears to be done.

                      4.  Turn off the software firewall on your internal resources while testing, so we can rule that piece out.  At this point, do pings still fail?  How does a traceroute look?

                      5.  What subnet is the client on when testing?

                        italics
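The points in marvosa's checklist and the posted server1.conf can be checked mechanically. The script below is an added example, not code from the thread or from pfSense: it parses an OpenVPN server config the way the posted one is written, reports the tunnel subnet and pushed routes, flags a listen address in private space (the double-NAT situation, where UDP 1194 has to be forwarded by the device in front of pfSense), flags a pushed route that collides with the network the remote client is sitting on while testing (item 5 above), and flags the 1024-bit DH file. SAMPLE_CONF is a constructed copy of the relevant lines from the posted config; the assumption that the dh file is named by its bit length comes from the posted path.

```python
"""Added example (not from the thread or from pfSense): audit the routing
facts in an OpenVPN server config such as the posted server1.conf."""
import ipaddress
import re
import shlex

# Constructed copy of the routing-relevant lines of the posted server1.conf.
SAMPLE_CONF = """\
dev ovpns1
dev-type tun
#user nobody
proto udp
local 192.168.1.10
server 192.168.5.0 255.255.255.0
lport 1194
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "redirect-gateway def1"
dh /etc/dh-parameters.1024
"""


def parse_conf(text):
    """Return [(directive, [args])], dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = shlex.split(line)  # keeps 'route a b' as a single push argument
            entries.append((parts[0], parts[1:]))
    return entries


def analyze(entries, client_lan=None):
    """Summarise the config and list findings. client_lan is the optional CIDR
    of the network the remote client is on while testing (e.g. its home LAN)."""
    rep = {"vpn_subnet": None, "listen_addr": None, "lport": "1194",
           "pushed_routes": [], "redirect_gateway": False,
           "dh_bits": None, "findings": []}
    for directive, args in entries:
        if directive == "server" and len(args) >= 2:
            rep["vpn_subnet"] = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
        elif directive == "local" and args:
            rep["listen_addr"] = ipaddress.ip_address(args[0])
        elif directive == "lport" and args:
            rep["lport"] = args[0]
        elif directive == "push" and args:
            opt = shlex.split(args[0])
            if opt and opt[0] == "route" and len(opt) >= 3:
                rep["pushed_routes"].append(
                    ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
            elif opt and opt[0] == "redirect-gateway":
                rep["redirect_gateway"] = True
        elif directive == "dh" and args:
            # Assumption: the file is named by bit length, as in /etc/dh-parameters.1024.
            m = re.search(r"\.(\d+)$", args[0])
            rep["dh_bits"] = int(m.group(1)) if m else None

    f = rep["findings"]
    if rep["listen_addr"] is not None and rep["listen_addr"].is_private:
        f.append(f"double NAT: server listens on private address {rep['listen_addr']}; "
                 f"UDP {rep['lport']} must be forwarded by the device in front of it")
    if not rep["pushed_routes"] and not rep["redirect_gateway"]:
        f.append('no LAN route is pushed; add push "route ..." '
                 "(pfSense: IPv4 Local network(s) in the server settings)")
    for net in rep["pushed_routes"]:
        if rep["vpn_subnet"] is not None and net.overlaps(rep["vpn_subnet"]):
            f.append(f"pushed route {net} overlaps the tunnel subnet {rep['vpn_subnet']}")
        if client_lan and net.overlaps(ipaddress.ip_network(client_lan, strict=False)):
            f.append(f"pushed route {net} overlaps the client's own network {client_lan}; "
                     "the client cannot tell the two apart, so renumber one of them")
    if rep["dh_bits"] is not None and rep["dh_bits"] < 2048:
        f.append(f"DH parameters are only {rep['dh_bits']} bits; 2048 or more is the usual minimum")
    return rep


if __name__ == "__main__":
    report = analyze(parse_conf(SAMPLE_CONF), client_lan="192.168.10.0/24")
    print("tunnel:", report["vpn_subnet"], "pushed:", [str(n) for n in report["pushed_routes"]])
    for finding in report["findings"]:
        print("-", finding)
```

Run it against the real config with `analyze(parse_conf(open("/var/etc/openvpn/server1.conf").read()), client_lan=...)` on the firewall; the client-LAN check is the one that explains "works from one place, not from another".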

                        Oh, wait, I just thought of something... Just to check, when you are running your VPN client, are you running it as Administrator? This kind of sounds like the actual routes are being set on the client PC. If you are running it as an admin, would you mind posting a traceroute output going from the client to a machine on the other side of your VPN?

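The Administrator question above can be settled from the client log before asking for a traceroute. The script below is an added example, not code from the thread or from OpenVPN: it extracts the routes the server pushed (the PUSH_REPLY line), counts route-installation errors, and turns that into the next troubleshooting step, separating "the route was never installed" from "the route is there but traffic is blocked". SAMPLE_LOG is constructed to mirror the wording of an OpenVPN 2.x Windows client started without Administrator rights; the exact text of those messages on your version may differ.

```python
"""Added example (not from the thread or from OpenVPN): read an OpenVPN
client log and decide whether the LAN route was ever installed."""
import ipaddress
import re

# Constructed log excerpt modelled on OpenVPN 2.x on Windows without admin rights.
SAMPLE_LOG = """\
Mon Jan 01 10:00:01 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DNS 208.67.222.222,redirect-gateway def1,route 192.168.5.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.5.6 192.168.5.5'
Mon Jan 01 10:00:02 2018 C:\\WINDOWS\\system32\\route.exe ADD 192.168.10.0 MASK 255.255.255.0 192.168.5.5
Mon Jan 01 10:00:02 2018 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=12]
Mon Jan 01 10:00:02 2018 Route addition via IPAPI failed [adaptive]
Mon Jan 01 10:00:02 2018 Route addition fallback using route.exe
Mon Jan 01 10:00:02 2018 ERROR: Windows route add command failed [adaptive]: returned error code 1
Mon Jan 01 10:00:03 2018 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY,[^']*)'")
FAIL_RE = re.compile(r"route addition failed|route add command failed", re.I)


def parse_client_log(text):
    """Collect pushed routes, redirect-gateway, route-install failures and
    whether the tunnel actually came up."""
    res = {"pushed_routes": [], "redirect_gateway": False,
           "route_failures": [], "completed": False}
    for line in text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            for opt in m.group(1).split(",")[1:]:  # skip the PUSH_REPLY token itself
                parts = opt.split()
                if parts[0] == "route" and len(parts) == 3:  # 'route net mask'
                    net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
                    res["pushed_routes"].append(str(net))
                elif parts[0] == "redirect-gateway":
                    res["redirect_gateway"] = True
            continue
        if FAIL_RE.search(line):
            res["route_failures"].append(line.strip())
        if "Initialization Sequence Completed" in line:
            res["completed"] = True
    return res


def diagnose(res):
    """Map the parsed log onto the next troubleshooting step."""
    if not res["completed"]:
        return "tunnel never came up; fix the connection before looking at routing"
    if res["route_failures"]:
        return (f"tunnel is up but {len(res['route_failures'])} route-install error lines were logged; "
                "on Windows start the OpenVPN GUI as Administrator so it can change the routing table")
    if not res["pushed_routes"] and not res["redirect_gateway"]:
        return 'server pushed no LAN route; add push "route ..." on the server'
    return ("routes were pushed and installed; next check the OpenVPN firewall tab, "
            "outbound NAT, and the host firewall on the LAN machine")


if __name__ == "__main__":
    parsed = parse_client_log(SAMPLE_LOG)
    print("pushed:", parsed["pushed_routes"], "redirect-gateway:", parsed["redirect_gateway"])
    print(diagnose(parsed))
```

Point it at the GUI's log file (or the output of `openvpn --config client.ovpn` run in a console) and the verdict tells you whether to look at client privileges or at the firewall.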
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.