OpenVPN connects but no LAN access



  • hi  :)
    I can connect to the VPN but after I connect I can't connect to any of the machines inside my network. I can access the pfSense box using the internal IP address so the VPN seems to be working but I can't access any other machine on my network.



  • Can you please show your "client" settings and/or "clients overrides" settings?



  • @chris4916:

    Can you please show your "client" settings and/or "clients overrides" settings?

    I have no client setting.
    For what, and how to configure it? Thanks.



  • I think, you've mussed something of VPN server and client.

    Your goal is to provide a VPN server at pfSense, I think. So you don't need an OpenVPN interface, and you also don't need a gateway. So delete both of them.

    If you don't already have one, add a rule to OpenVPN that allows access to your desired network. Then the hosts should be accessible, provided pfSense is the default gateway on these hosts. If it isn't, you have to take care of correct routing in addition.



  • Thanks, I added a rule to OpenVPN but it does not work.

    How do I add correct routing?



  • In order to debug, try this:

    In the client specific overrides section, set "IPv4 Remote Network/s" in the tunnel settings section to the remote subnet you want to access, the same value as what you set in IPv4 local network.
    Restart your VPN server and give it a try  ;)



  • @chris4916:

    In order to debug, try this:

    In the client specific overrides section, set "IPv4 Remote Network/s" in the tunnel settings section to the remote subnet you want to access, the same value as what you set in IPv4 local network.
    Restart your VPN server and give it a try  ;)

    Not working  :-\


  • Yeah, it will never work if you put nonsense like X.509 into the CN field! The CN must match the certificate!!!



  • Indeed. Well, you can have some settings where matching is not verified ;-) but better to make this clean.
    Looking more in detail, the outbound page seems quite strange. As explained, there is no need for NAT and gateway.

    I also was wrong with my proposal (in fact a copy/paste error): overrides should be done, as you did BTW, in the local network field.

    If it doesn't work, what I suggest is that you look, in the pfSense GUI, at potential dropped or rejected packets in the log.
    Did you try traceroute, targeting an internal machine but also the pfSense internal interface?
    This will tell you, more or less, if the issue is with route or FW.
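
The route-versus-firewall reading of a traceroute suggested above, as an added example that is not part of any post in this thread. It assumes a routed (tun) OpenVPN setup in which pfSense answers as the first hop from its tunnel address; the tunnel network 10.8.0.0/24, the LAN host 192.168.1.50 and the traceroute outputs are constructed.

```python
import ipaddress
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")             # "<ttl>  <rest of line>"
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # first dotted quad on the line

ADVICE = {
    "reachable": "path works end to end through the tunnel",
    "client-route": "first hop is not the tunnel: the LAN subnet is not routed into the VPN on the client",
    "past-pfsense": "pfSense forwarded the probe: check the LAN host's default gateway / return route",
    "no-reply": "nothing answered: check the client route table and the pfSense firewall log",
}

def parse_hops(text):
    """Return [(ttl, ip or None)] from traceroute -n style output."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)          # header lines do not start with a hop number
        if m:
            ip = IPV4.search(m.group(2))
            hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def classify(text, target, tunnel_net):
    """Say where the path to `target` stops, given the VPN tunnel network."""
    answered = [ip for _, ip in parse_hops(text) if ip]
    if not answered:
        return "no-reply"
    if ipaddress.ip_address(answered[0]) not in ipaddress.ip_network(tunnel_net):
        return "client-route"
    if target in answered:
        return "reachable"
    return "past-pfsense"

# Constructed sample outputs (not taken from the thread).
HEADER = "traceroute to 192.168.1.50 (192.168.1.50), 30 hops max\n"
SAMPLES = {
    "missing route": HEADER + " 1  192.168.43.1  2.1 ms  1.9 ms  2.0 ms\n 2  * * *\n",
    "host silent":   HEADER + " 1  10.8.0.1  24.0 ms  23.8 ms  24.1 ms\n 2  * * *\n 3  * * *\n",
    "all dropped":   HEADER + " 1  * * *\n 2  * * *\n",
    "working":       HEADER + " 1  10.8.0.1  24.0 ms  23.8 ms  24.1 ms\n 2  192.168.1.50  25.2 ms  25.0 ms  25.1 ms\n",
}

if __name__ == "__main__":
    for name, out in SAMPLES.items():
        verdict = classify(out, "192.168.1.50", "10.8.0.0/24")
        print(f"{name:14s} {verdict:13s} {ADVICE[verdict]}")
```
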



  • @doktornotor:

    Yeah, it will never work if you put nonsense like X.509 into the CN field! The CN must match the certificate!!!

    I can connect to LAN, thanks, but no access
    in pfSense



  • @chris4916:

    Indeed. Well, you can have some settings where matching is not verified ;-) but better to make this clean.
    Looking more in detail, the outbound page seems quite strange. As explained, there is no need for NAT and gateway.

    I also was wrong with my proposal (in fact a copy/paste error): overrides should be done, as you did BTW, in the local network field.

    If it doesn't work, what I suggest is that you look, in the pfSense GUI, at potential dropped or rejected packets in the log.
    Did you try traceroute, targeting an internal machine but also the pfSense internal interface?
    This will tell you, more or less, if the issue is with route or FW.

    I can connect to LAN, thanks, but no access
    in pfSense

