pfSense - OpenVPN Can't Access LAN Devices

I followed the directions I found here for setting up OpenVPN with pfsense.

Everything worked great except I can’t access any devices on the LAN through OpenVPN. I looked at the Firewall rules for OpenVPN, and it has asterisks for Source, Destination, and Ports, so it doesn’t look like it is being blocked. I am able to connect to the LAN address of pfsense through OpenVPN, but that’s it. I figure there must be some step I am missing.

Any help would be appreciated.

Personally I’d manually configure the OpenVPN server from scratch, that’s the easiest way to understand what needs to be configured.

Could be anything going wrong, probably the configuration or the rules.

Very hard to tell what is wrong without seeing your configuration - another video Tutorial: pfsense OpenVPN Configuration For Remote Users 2020 - YouTube

Maybe look at wireguard as a vpn client - Tutorial: pfsense Wireguard For Remote Access - YouTube

Tom has done a video on which VPN to use and why - Which VPN To Use In pfsense? - YouTube

Connect with OpenVPN, then post the route table (mask your public IP).

Example: my network is 10.0.0.0/24, my tunnel 10.0.30.2, my route table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    50     0        0 tun0
default         vault.lan       0.0.0.0         UG    600    0        0 wlp3s0
10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0
vault.lan       0.0.0.0         255.255.255.255 UH    50     0        0 wlp3s0
10.0.30.0       0.0.0.0         255.255.255.0   U     50     0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp3s0
ipxx-xx-xx-xx   vault.lan       255.255.255.255 UGH   50     0        0 wlp3s0

Thanks for getting back to me. Here is my routing table after connecting with OpenVPN Connect (IP is 10.0.0.2):

What IP did you use for your tunnel network?

I used 10.0.0.0/24 for the tunnel network.

I think I found the problem. I can ping 192.168.0.160, the WiFi AP, but I can’t connect to it with a browser. Some devices do not allow access from networks off the local LAN.

I got the Windows computers to start responding by changing firewall settings to allow ALL IPs, rather than just Local LAN.

Some commercial firewalls will let you program them so the VPN device assumes a local LAN IP, so the device thinks you are trying to connect using a Local LAN device. I’m not sure how to do this with pfsense.

The tunnel has to be on a different subnet than the main network.

Thanks. Main LAN is 192.168.0.0/24. Remote LAN is 192.168.100.0/24. Tunnel is 10.0.0.0/24.
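
The two checks asked for in this thread (read the client's route table, and confirm the tunnel sits on a different subnet than the LAN) can be scripted. The following is an added example, not a post from the thread: the route table is constructed for the subnets quoted above, and the interface names, gateway addresses and function names are assumptions.

```python
import ipaddress

# Constructed `route -n` style output for a client on the thread's remote LAN
# (192.168.100.0/24) with the 10.0.0.0/24 tunnel up; not taken from the thread.
SAMPLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    600    0        0 wlan0
10.0.0.0        0.0.0.0         255.255.255.0   U     50     0        0 tun0
192.168.0.0     10.0.0.1        255.255.255.0   UG    50     0        0 tun0
192.168.100.0   0.0.0.0         255.255.255.0   U     600    0        0 wlan0
"""

def parse_routes(text):
    """Return [(network, metric, iface)] from numeric route-table text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # header row or a hostname instead of an address
        routes.append((net, int(f[4]), f[7]))
    return routes

def egress(routes, host):
    """Longest-prefix match, ties broken by lowest metric; None if no route."""
    addr = ipaddress.ip_address(host)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[1]))[2]

def diagnose(text, lan, tunnel, lan_host, tun_prefix="tun"):
    """Return a list of findings; an empty list means client routing looks sane."""
    lan_net, tun_net = ipaddress.ip_network(lan), ipaddress.ip_network(tunnel)
    routes = parse_routes(text)
    findings = []
    if lan_net.overlaps(tun_net):
        findings.append(f"tunnel {tun_net} overlaps LAN {lan_net}")
    for net, _, iface in routes:
        # A non-tunnel, non-default route covering the LAN shadows the VPN route.
        if net.prefixlen and not iface.startswith(tun_prefix) and net.overlaps(lan_net):
            findings.append(f"client's local {net} on {iface} overlaps LAN {lan_net}")
    iface = egress(routes, lan_host)
    if iface is None or not iface.startswith(tun_prefix):
        findings.append(f"{lan_host} leaves via {iface}, not the tunnel")
    return findings
```

An empty result only clears the client side; a LAN host that answers ping but refuses connections, as with the Windows firewall scope described above, still has to be checked on the host itself.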