Netgate Discussion Forum
    Firewall Rules and OpenVPN

    powerextreme

      Hello, I have a point-to-point VPN between two pfSense firewalls.
      Under the OpenVPN Interface tab I have a firewall rule that permits all.
      Under the LAN Interface tab I have a rule that permits IPv4 LAN Net, all ports, to the RemoteNetwork. I have screenshots of both.

      For some reason I can only access two addresses in the 192.168.12.0/24 network: the pfSense internal interface and the file server. I have two other devices that I cannot reach. I log into the remote pfSense and they can be pinged from the remote firewall. I don't get why. I checked the firewall logs and I see it allowing traffic based on the LAN rule I mentioned earlier.

      What could be the possible problem? How can I troubleshoot it?

      ![OpenVPN Rule.png](/public/imported_attachments/1/OpenVPN Rule.png)
      ![LAN Interface Rule.png](/public/imported_attachments/1/LAN Interface Rule.png)

      viragomann

        How did you try to reach the other hosts? Ping?
        Is there a firewall running on those hosts? Windows, for instance, doesn't respond to pings from unknown subnets by default. You have to adjust your firewall to allow it.

          powerextreme

          Thanks for the reply. I was able to ping the devices by logging into the remote pfSense and using the Diagnostics tool there to ping them. I just can ping it from my computer on the local side. So again, I can reach some remote devices but not others. I don't get it. The logs are not showing me much at all. Or I am not looking in the right place.

            viragomann

            If you ping the hosts from pfSense, the ping comes from the local subnet. If you ping over the VPN, it comes from a different subnet. Some software firewalls block this by default.

            But there could also be other reasons for that:
            If the host you try to access uses a default gateway other than pfSense, responses will be sent to that gateway and not go back to the VPN client.
            Or the routes are not set correctly on the client, so that the part of the subnet which includes the host isn't routed over the VPN. So check the routes.

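The third cause above (only part of the remote subnet routed over the VPN) is easy to miss by eye when one route is narrower than the subnet. The following added example, not from the thread or from pfSense, does the longest-prefix lookup over a constructed `ip route show` listing so you can check each unreachable host against the VPN interface; the addresses, interface names and the `/25` route are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `ip route show` on a LAN client (assumption, not from the thread).
# Note the VPN route only covers 192.168.12.0/25, not the whole /24.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 scope link src 192.168.1.50
192.168.12.0/25 via 10.0.8.1 dev tun0
10.0.8.0/24 dev tun0 scope link
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, via, dev) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((net, via, dev))
    return routes


def lookup(routes, dest):
    """Longest-prefix match, as the kernel would pick the route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def check_hosts(text, hosts, vpn_dev="tun0"):
    """Map each host to (goes_over_vpn, matched_prefix, egress_dev)."""
    routes = parse_routes(text)
    report = {}
    for host in hosts:
        r = lookup(routes, host)
        over_vpn = r is not None and r[2] == vpn_dev
        report[host] = (over_vpn, str(r[0]) if r else None, r[2] if r else None)
    return report


if __name__ == "__main__":
    for host, (ok, prefix, dev) in check_hosts(SAMPLE_ROUTES, ["192.168.12.1", "192.168.12.200"]).items():
        print(f"{host}: {'via VPN' if ok else 'NOT via VPN'} (matched {prefix} on {dev})")
```

A host that matches only the default route here leaves through the LAN gateway, which is exactly the symptom of reaching some remote devices but not others.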
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.