I followed the directions I found here for setting up OpenVPN with pfsense.
Everything worked great except I can’t access any devices on the LAN through OpenVPN. I looked at the Firewall rules for OpenVPN, and it has asterisks for Source, Destination, and Ports, so it doesn’t look like it is being blocked. I am able to connect to the LAN address of pfsense through OpenVPN, but that’s it. I figure there must be some step I am missing.
Any help would be appreciated.
Personally I’d manually configure the OpenVPN server from scratch, that’s the easiest way to understand what needs to be configured.
Could be anything going wrong, probably the configuration or the rules.
Very hard to tell what is wrong , without seeing your configuration - another video Tutorial: pfsense OpenVPN Configuration For Remote Users 2020 - YouTube
Maybe look at wireguard as a vpn client - Tutorial: pfsense Wireguard For Remote Access - YouTube
Tom, has done a video on which vpn to use and why - Which VPN To Use In pfsense? - YouTube
connect with openVPN, then post the route table (mask your public ip).
example: My network is 10.0.0.0/24, my tunnel 10.0.30.2, my route table:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 50 0 0 tun0
default vault.lan 0.0.0.0 UG 600 0 0 wlp3s0
10.0.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp3s0
vault.lan 0.0.0.0 255.255.255.255 UH 50 0 0 wlp3s0
10.0.30.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp3s0
ipxx-xx-xx-xx vault.lan 255.255.255.255 UGH 50 0 0 wlp3s0
Thanks for getting back to me. Here is my routing table after connecting with OpenVPN Connect (IP is 10.0.0.2):
what ip did you use for your tunnel network?
I used 10.0.0.0/24 for the tunnel network.
I think I found the problem. I can ping 192.168.0.160, the WiFi AP, but I can’t connect to it with a browser. Some devices do not allow access from networks off the local LAN.
I got the Windows computers to start responding by changing firewall settings to allow ALL IPs, rather than just Local LAN.
Some commercial firewalls will let you program them so the VPN device assumes a local LAN IP, so the device thinks you are trying to connect using a Local LAN device. I’m not sure how to do this with pfsense.
tunnel has to be on a different subnet than the main network.
Thanks. Main LAN is 192.168.0.0/24. Remote LAN is 192.168.100.0/24. Tunnel is 10.0.0.0/24.