No access to LAN over OpenVPN



  • I have a pfSense router with DHCP dishing out IP addresses (range 10.10.1.) to devices on the network with openvpn set up and that gives IPs (10.10.10.).

    I can connect to VPN and access the pfSense control panel on 10.10.1.1 but I can't access or ping anything on the LAN.

    I suspect it could be the wrong subnet mask, because the VPN client has a subnet mask of 255.255.255.252 and the default gateway is empty but I have no idea how to fix that.

    Any ideas? thanks



  • Need more details.  Post your server1.conf.



  • @marvosa:

    Need more details.  Post your server1.conf.

    What I was trying to achieve is access a NAS4Free device through VPN.

    This seems to be a routing problem, because when I created a Static route inside the NAS4Free box to the OpenVPN network pointing it to the pfsense default gateway - instantly I was able to access and ping NAS4Free device.

    But I can't be doing this for every device on the network! Any ideas?



  • Give us a network diagram.
    Is pfSense the default gateway?
    Maybe it is not because you say that adding a static route on the client made it work. If there are multiple routers on your LAN and pfSense is not the default gateway, then there are going to be some hoops to jump through.



  • Where do I set pfsense as the default gateway please? I think it already is



  • when I do ipconfig on the VPN client I get the following:

    Subnet mask 255.255.255.252 and Default gateway as empty.

    My LAN is 10.10.1.1-1-10.10.1.200 the pfsense is 10.10.10.1

    and the VPN is 10.10.11.0/24



  • There very well may be a routing issue, but we can't help you troubleshoot if you do not provide more details.

    • Post a network map and your openvpn config (server1.conf)

    • Verify all the devices/PC's on your LAN are using PFsense the default gateway



  • NAS4Free box is using 10.10.10.1 as the gateway.

    When I add a static route to the VPN network inside NAS4free - it becomes instantly accessible.

    Network is Internet modem -> pfsense -> LAN -> two laptops with one of them running NAS4free inside a VM.

    I can access the NAS4free from any machine on the LAN just fine.

    Where do I get the server config?



    • Diagnostics -> Edit file

    • Navigate to "/var/etc/openvpn" and post the contents of "server1.conf"



  • It seems that the issue was the network mask. They overlapped. I have set VPN to be 192.168.1.* and everything came to life.

    I still can't do an nslookup on one of the lan devices from the vpn client, can that be achieved?

    Thank you



  • @tsolrm:

    It seems that the issue was the network mask. They overlapped. I have set VPN to be 192.168.1.* and everything came to life.

    I still can't do an nslookup on one of the lan devices from the vpn client, can that be achieved?

    Thank you

    Get away from 192.168.1.* completely. When the OpenVPN client it at somebody's home, cafe etc that has local LAN 192.168.1.0/24 then it is going to get confused having its local LAN and OpenVPN tunnel the same. Use some "random" piece of private IPv4 address space.

    If you have specified "Provide a DNS server list to clients", given an internal DNS server IP address that should know the names of LAN devices, and have firewall rules that let that traffic through the tunnel, then it should work.
    Post more details of the settings.



  • Which Subnet would you recommend to use?


  • Banned

    Use something "random". Like, 10.156.74.0/24, 192.168.219.0/24 or whatever. Also, 172.16/12 space (172.16.0.0 - 172.31.255.255) seems a whole lot less popular. 192.168.[01].* and 10.0.0.* is where  some 99% of default modem/router configurations sit out there.



  • Thank you. I have changed that and also pushed the DNS servers to the clients. It seems that I can use nslookup now.



  • Just one more question in case you have knowledge on the matter.

    I have checked the box: Redirect gateway in the OpenVPN server config.

    I understand this makes the client use the OpenVPN server bandwidth instead of their own. So basically it's eating up the networks bandwidth when it comes to internet usage.

    What if I disable this feature - would I still be able to access the LAN?


  • Banned

    Of course, yes… The checkbox is only useful if you want to use OpenVPN as your WAN (i.e., direct all WAN traffic from the client via OpenVPN).



  • Once unchecked it opens up 'IPv4 Local Network/s'

    Do I put the details of my LAN here? And this way only LAN traffic goes through vpn?


  • Banned

    Did you consider reading the OpenVPN wiki docs?



  • I'm really tight for time with this, I'm not doing this for my own amusement and I have a deadline for configuring the entire box. Could you please give me an answer?



  • @tsolrm:

    Once unchecked it opens up 'IPv4 Local Network/s'

    Do I put the details of my LAN here? And this way only LAN traffic goes through vpn?

    Yes, you need to tell it the subnet(s) that you want to be reached across the OpenVPN - your LAN(s)



  • @phil.davis:

    @tsolrm:

    Once unchecked it opens up 'IPv4 Local Network/s'

    Do I put the details of my LAN here? And this way only LAN traffic goes through vpn?

    Yes, you need to tell it the subnet(s) that you want to be reached across the OpenVPN - your LAN(s)

    Thank you for your help. Everything seems to be working