Netgate Discussion Forum
    A Little Help on Reaching LAN on openVPN

      AVTechMan

      Hi, new here to the forums and have been working on pfSense for the past week. I have the pfSense installed on my ESXi 5.1 host and normal routing duties are working great. However I am trying to get VPN working with openVPN, and so far I got it to where I can connect to the VPN from outside the network, and I can ping the pfSense configurator from the tunnel.

      Only thing now is, I can't seem to reach any of the PCs or servers on the home LAN. I've set the local LAN subnet when I went through the configuration, so I am wondering if there's something I am missing or something within the firewall I need to add/adjust?

      I almost got this... once I can figure how to reach my LAN, I'll be golden. I can connect to the VPN with my Android tablet and laptop, so that's good.

      What else do I need to check? I still get a little confused on the rule to pass traffic from the LAN to the VPN, and whether that rule has to be set on each interface.

        Derelict LAYER 8 Netgate

        https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

        Firewall rules are processed when a session is started coming INTO an interface.  This means connections from your LAN computers to web pages, DNS servers, mail servers, etc., are handled by rules on your LAN interface.  If you have port forwards permitting connections from the internet inbound to local servers these go on your WAN interface.

        You do not need to worry about traffic getting back to the computer that initiated the connection.  pfSense is a stateful firewall.  It all happens as if by magic.

        For connections from LAN to VPN the rules go on LAN.  For connections from VPN to LAN the rules generally go on the OpenVPN tab.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
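
An added illustration of the rule placement described in the post above (not pfSense code and not written by any poster): a toy Python model of per-interface rules with a state table. The subnets 192.168.1.0/24 and 10.0.8.0/24, the host addresses, and the names `ToyFirewall` and `demo` are assumptions made for the example.

```python
import ipaddress

# Constructed addressing for the example (assumption, not from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
VPN_NET = ipaddress.ip_network("10.0.8.0/24")
IFACES = {"LAN": LAN_NET, "OpenVPN": VPN_NET}

class ToyFirewall:
    """Per-interface pass rules, default deny, plus a state table.
    Simplified: states key on address pairs only (real states add protocol/ports)."""

    def __init__(self, rules):
        self.rules = rules    # ingress interface -> [(src_net, dst_net), ...]
        self.states = set()   # (initiator, responder) of sessions that were passed

    def ingress(self, src):
        """Interface the packet enters on, derived from its source address."""
        return next((n for n, net in IFACES.items() if src in net), None)

    def handle(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Traffic belonging to an existing session skips rule lookup entirely.
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass (state)"
        iface = self.ingress(src)
        for src_net, dst_net in self.rules.get(iface, []):
            if src in src_net and dst in dst_net:
                self.states.add((src, dst))
                return f"pass (rule on {iface})"
        return f"block (no rule on {iface})"

def demo():
    client, server = "10.0.8.2", "192.168.1.10"   # VPN client, LAN host
    out = []
    # Case 1: only a LAN rule exists. A session started by the VPN client
    # enters on OpenVPN, where nothing matches.
    fw = ToyFirewall({"LAN": [(LAN_NET, VPN_NET)]})
    out.append(fw.handle(client, server))
    # Case 2: rule on the OpenVPN tab. The session is passed there, and the
    # LAN host's reply is passed by state even though LAN has no rule for it.
    fw = ToyFirewall({"OpenVPN": [(VPN_NET, LAN_NET)]})
    out.append(fw.handle(client, server))
    out.append(fw.handle(server, client))
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```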

          heper

          Do your LAN clients have their gateway set to pfSense?

          Does your OpenVPN client device have a route for the LAN subnet by the tunnel? (The default OpenVPN client for Windows needs to be run "as administrator" to be able to SET the routes.)

          Did you try turning off Windows Firewall (for testing)? It is known to block pings outside its own subnet.
