    First OpenVPN Setup - Can Get Connected But No Traffic to LAN

    • R
      Rizon last edited by

      Hello all,

      I'm attempting to set up my first OpenVPN server on pfSense to allow "road warriors" to connect to our office network.  Currently I am using a test environment using our office LAN as the "WAN" on pfSense.

      I followed the OpenVPN guide from the docs/Wiki (https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server).  I installed OpenVPN using the Client Export Windows Installers package.  Here are my network details:

      "WAN" Network (really my office LAN): 192.168.1.0/24
      OpenVPN Tunnel Network: 10.255.255.0/24
      OpenVPN Local Network: 10.0.0.0/24

      Using a PC on my office LAN (IP 192.168.1.50), I can successfully connect the OpenVPN Client and it says I have a virtual IP address of 10.255.255.2.  I am able to access the pfSense login page by going to 10.255.255.1 in a web browser.  When I attempt to access an IP camera at 10.0.0.101, the page times out (Chrome gives a "The connection was reset." error).  I suspect it is related to firewall configuration, but I am not seeing any blocked entries in the log so I'm not positive.

      I used the default firewall rules created by the OpenVPN wizard (allow from any to WAN address port 1194 under the WAN Firewall Rules, and allow to/from any on the OpenVPN Firewall Rules).

      I do have 2 IPSec VPNs enabled for site-to-site VPNs along with a firewall rule under the IPSec Rules to allow from any to 10.0.0.101.  During my testing of the OpenVPN, the IPSec VPNs have remained disconnected.  Not sure if that would affect anything but just wanted to throw it out there just in case.

      • V
        viragomann last edited by

        Is the pfSense LAN address set as the default gateway on the hosts you want to reach, the cam here?

        • R
          Rizon last edited by

          Yep, the cam is set to be configured via DHCP, and has the following info:
          IP: 10.0.0.101
          Subnet: 255.255.255.0
          GW: 10.0.0.1

          I have also attempted to ping the pfSense at 10.0.0.1 with no success.  Ping 10.255.255.1 does work fine though.

          • V
            viragomann last edited by

            The ping to the LAN address could only be prohibited by a firewall rule.
            If your rule on the OpenVPN interface is okay, as you say, check the route on the client side (route print) and post the output, please.
            Consider that OpenSSL must be run with admin privileges on the client host to get the route set.

            • M
              moikerz last edited by

              Yes, sounds like your office computer did not run the OpenVPN client software with admin rights.

              Also, the .255 namespace can be funny on some networks. Safer to use .254 (for you, that would be 10.254.254.0/24)

              • R
                Rizon last edited by

                That was it - changing it to 10.254.254.0/24 worked!

                Thank you all!

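
The client-side check requested in the thread (reading `route print` to see whether the route to the LAN behind pfSense was installed) can be scripted. This is an added example, not part of the thread or of pfSense/OpenVPN code; the route tables are constructed from the addresses in the thread and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of the "Active Routes" part of Windows `route print`
# for the client in this thread (192.168.1.50, tunnel IP 10.255.255.2).
SAMPLE_WITH_ROUTE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
         10.0.0.0    255.255.255.0     10.255.255.1     10.255.255.2     20
     10.255.255.0    255.255.255.0          On-link     10.255.255.2    276
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
"""
# Constructed: the same table when the pushed LAN route was never installed.
SAMPLE_WITHOUT_ROUTE = "\n".join(
    l for l in SAMPLE_WITH_ROUTE.splitlines() if not l.strip().startswith("10.0.0.0 "))

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples from route print text."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator or blank line
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append((net, gateway, ipaddress.IPv4Address(iface), int(metric)))
        except ValueError:
            continue  # five tokens, but not an IPv4 route row
    return routes

def route_for(routes, target):
    """Pick the route the OS would use: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(target)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def uses_tunnel(text, target, tunnel_net):
    """True if traffic to target leaves via an interface inside tunnel_net."""
    best = route_for(parse_routes(text), target)
    return best is not None and best[2] in ipaddress.IPv4Network(tunnel_net)

if __name__ == "__main__":
    for name, table in (("with route", SAMPLE_WITH_ROUTE),
                        ("without route", SAMPLE_WITHOUT_ROUTE)):
        print(name, uses_tunnel(table, "10.0.0.101", "10.255.255.0/24"))
```

When the result is False for the camera address but True for 10.255.255.1, the client reaches the tunnel endpoint but sends LAN traffic out its default gateway, which matches the symptom in the first post.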