Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN client accessing tunnel-network but not complete LAN-network …

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Torte74
      last edited by

      Hi,

      I am testing OpenVPN with pfSense (2.2.6) and used this tutorial for doing the setup : https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

      LAN network
      192.168.100.0/24
      pfSense Gateway 192.168.100.2 (for testing)
      normal Gateway 192.168.100.1 (ISP Router)

      VPN-Tunnel netowork
      10.0.8.0/24
      OpenVPN Server 10.0.8.1
      OpenVPN-Client got IP 10.0.8.6 when connecting

      I am able to ping / reach the following IPs from the connected OpenVPN-Client :
      10.0.8.1
      192.168.100.1
      192.168.100.2

      That's all… I am not able to ping / reach any other IPs in the 192.168.100.0/24 network.

      As I wrote, I did the setup as explained in the link above. What do I have to do to let the connected OpenVPN clients also reach all IPs in the LAN network ?

      Regards Torsten

      1 Reply Last reply Reply Quote 0
      • T
        Torte74
        last edited by

        Ok, I got it to work … but I am not sure if it's the best solution / way ... ;-)

        I changed the mode for "Firewall => NAT => Outbound" from "Automatic outbound NAT rule generation" to "Hybrid Outbound NAT rule generation" and added the following rule manually :

        Interface : LAN
        Protocol : any
        Source : Network 10.0.8.0/24

        Is this the recommended way to be able to access my LAN network (192.168.100.0/24) from the VPN-Tunnel network (10.0.8.0/24) while connected via OpenVPN ?

        regards Torsten

        1 Reply Last reply Reply Quote 0
        • V
          viragomann
          last edited by

          The difference between the tutorial and your setup is that pfSense isn't the default gateway in your LAN.
          So if you access your LAN hosts from VPN with the IP 10.0.8.6, the hosts will send responses to the default gateway which is NOT pfSense, since they have no special route for your VPN IP.

          If pfSense is the default gateway that's no issue anymore.

          But if another route is the default gateway, a solution is to do NAT as you have already set up. This is the easiest way and I think, it's sufficient if you have just one VPN client. In consequence, access seems to come from pfSense which has a LAN address and responses are sent back to pfSense.

          The other way is to add static route to all your LAN hosts to direct VPN traffic to pfSense.

          1 Reply Last reply Reply Quote 0
          • T
            Torte74
            last edited by

            ok … thanks for the info. I also thought about the fact that pfSense is not my default gateway. Because its currently "only" a test, I do not want to modify anything on the current LIVE environment. At the moment, only a Broadband connection with about 6MBit is dirrectly attached to pfSense. Our main broadband connection at the moment with 50 MBit will stay also in future as our main, but then also directly attached to pfSense. Plan is to have the 6Mbit as Fallback. With this planned environment, pfSense will become the default gateway ... ;-)

            Regards Torsten

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.