OpenVPN: no access to LAN when pfSense is not DHCP server nor default gateway!

  • Hi everyone,

    I am facing a problem for which I cannot seem to find the solution. What I am trying to do is to use pfSense as an OpenVPN server only. The pfSense box is connected to the internet with its own WAN and public IP. I am able to connect to the OpenVPN server and have access to the internal interface of pfSense and the webadmin, but I cannot access or ping any devices on the internal LAN.

    Here is how the network is setup:

    PFsense: Wan: x.x.x.2
                  LAN: (connected to the main network ) No dhcp,

    Main Firewall: Wan x.x.x.3
                        LAN ( dhcp server, dns server and default gateway )

    So I can connect to the pfSense but cannot ping any devices on the network. pfSense is of course able to ping anything on the internal network since its LAN interface is connected to the main network. What I would like to do is to create a bridge from the network to the Network.

    Please note that if I use pfSense as DHCP and default gateway, OpenVPN clients are able to access any resources on the internal network.

    This goes beyond my Networking knowledge so if someone can help me, it would be appreciated.

    Thank you !

  • Do you have two separate pfSense boxes, or one installation with two WAN NICs, or one pfSense and something else? It's not clear from your explanation.
    Are these two firewalls actually independent of each other, or does one get its WAN from the other?

    Is the pfSense OpenVPN instance the client or the server?

    Perhaps a simple diagram would make it easier to understand.

    The only thing else I can guess from your description is you may have a description/config issue as you say

    So I can connect to the pfsense but cannot ping any devices on the network.

    but you describe the pfSense LAN as:

    LAN: (connected to the main network ) No dhcp,

    Do you expect a ping from 10.1.52.x to reach
    What do your route tables on the OpenVPN connected device look like?

    One last sanity check, are you sure the internal LAN device will respond to pings from an external subnet (Win firewalls off, AV disabled, etc.)?