Netgate Discussion Forum

    Openvpn connects but no lan access

      sangour111

      Hi :)
      I can connect to the VPN, but after I connect I can't connect to any of the machines inside my network. I can access the pfSense box using the internal IP address, so the VPN seems to be working, but I can't access any other machine on my network.

        chris4916

        Can you please show your "client" settings and/or "clients overrides" settings?

        Jah Olela Wembo: Words turn into ills when they upset, attack or hurt.

          sangour111

          @chris4916:

          Can you please show your "client" settings and/or "clients overrides" settings?

          I have no client settings.
          What are they for and how do I configure them? Thanks.

            viragomann

            I think you've mussed something of VPN server and client.

            Your goal is to provide a VPN server at pfSense, I think. So you don't need an OpenVPN interface, and you also don't need a gateway. So delete both of them.

            If you don't already have one, add a rule to OpenVPN that allows access to your desired network. Then the hosts should be accessible, provided pfSense is the default gateway on these hosts. If it isn't, you have to take care of correct routing in addition.

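Added example, not part of any post in this thread: a small routing model of the default-gateway condition described in the post above, which also explains why the pfSense LAN address can answer while other LAN hosts stay silent. All addresses (LAN 192.168.1.0/24, tunnel 10.8.0.0/24, a second router at 192.168.1.254) are constructed assumptions, and firewall rules are not modelled.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
PFSENSE_LAN = "192.168.1.1"      # pfSense LAN interface
TUNNEL_GW = "10.8.0.1"           # pfSense end of the OpenVPN tunnel
OTHER_ROUTER = "192.168.1.254"   # a second router on the LAN

# Routing tables as (destination network, gateway) pairs.
CLIENT_ROUTES = [("0.0.0.0/0", "172.16.0.1"),
                 ("10.8.0.0/24", TUNNEL_GW),
                 ("192.168.1.0/24", TUNNEL_GW)]   # LAN route pushed by the server
HOST_OTHER_GW = [("192.168.1.0/24", "on-link"),
                 ("0.0.0.0/0", OTHER_ROUTER)]
HOST_FIXED = HOST_OTHER_GW + [("10.8.0.0/24", PFSENSE_LAN)]  # static route added


def next_hop(routes, dst):
    """Longest-prefix match: gateway of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def diagnose(client_routes, host_routes, client_ip, target_ip):
    """Follow the request from the VPN client to the target, then the reply."""
    if next_hop(client_routes, target_ip) != TUNNEL_GW:
        return "client: no route to LAN via tunnel"
    if target_ip == PFSENSE_LAN:
        return "ok: pfSense answers itself, no LAN host routing involved"
    if next_hop(host_routes, client_ip) != PFSENSE_LAN:
        return "host: reply leaves via another gateway"
    return "ok: both directions pass through pfSense"


if __name__ == "__main__":
    for label, host_routes, target in [
            ("pfSense LAN IP", HOST_OTHER_GW, PFSENSE_LAN),
            ("LAN host, other default gateway", HOST_OTHER_GW, "192.168.1.50"),
            ("LAN host, static route added", HOST_FIXED, "192.168.1.50")]:
        print(label, "->", diagnose(CLIENT_ROUTES, host_routes, "10.8.0.6", target))
```

In this model the fix on a host whose default gateway is not pfSense is a static route for the tunnel network pointing at the pfSense LAN address, set either on the host or on the other router.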
              sangour111

              Thanks, I added a rule to OpenVPN but it does not work.

              How do I add correct routing?

                chris4916

                In order to debug, try this:

                In the client specific overrides section, set "IPv4 Remote Network/s" in the tunnel settings section to the remote subnet you want to access, the same value as what you set in IPv4 local network.
                Restart your VPN server and give it a try ;)

                  sangour111

                  @chris4916:

                  In order to debug, try this:

                  In the client specific overrides section, set "IPv4 Remote Network/s" in the tunnel settings section to the remote subnet you want to access, the same value as what you set in IPv4 local network.
                  Restart your VPN server and give it a try ;)

                  not working  :-\

                    doktornotor Banned

                    Yeah, it will never work if you put nonsense like X.509 into the CN field! The CN must match the certificate!!!

                      chris4916

                      Indeed. Well, you can have some settings where matching is not verified ;-) but better to make this clean.
                      Looking more in detail, the outbound page seems quite strange. As explained, there is no need for NAT and gateway.

                      I also was wrong with my proposal (in fact a copy/paste error): overrides should be done, as you did BTW, in the local network field.

                      If it doesn't work, what I suggest is that you look, in the pfSense GUI, at potentially dropped or rejected packets in the log.
                      Did you try traceroute, targeting an internal machine but also the pfSense internal interface?
                      This will tell you, more or less, if the issue is with the route or the FW.

                        sangour111

                        @doktornotor:

                        Yeah, it will never work if you put nonsense like X.509 into the CN field! The CN must match the certificate!!!

                        I can connect to the LAN, thanks, but not access
                        in pfSense

                          sangour111

                          @chris4916:

                          Indeed. Well, you can have some settings where matching is not verified ;-) but better to make this clean.
                          Looking more in detail, the outbound page seems quite strange. As explained, there is no need for NAT and gateway.

                          I also was wrong with my proposal (in fact a copy/paste error): overrides should be done, as you did BTW, in the local network field.

                          If it doesn't work, what I suggest is that you look, in the pfSense GUI, at potentially dropped or rejected packets in the log.
                          Did you try traceroute, targeting an internal machine but also the pfSense internal interface?
                          This will tell you, more or less, if the issue is with the route or the FW.

                          I can connect to the LAN, thanks, but not access
                          in pfSense
