LAN network: 192.168.83.0/24
pfSense address: 192.168.83.2
TrueNAS address: 192.168.83.20
Tunnel network: 172.16.0.0/24
Goal was to remote into TrueNAS.
From outside the network, we could NOT ping the 192.168.83.0/24 network resources.
UNTIL we found an OpenVPN forum post to manually add 2 lines to the config file.
route-nopull
route 192.168.83.0 255.255.255.0
Anyone else had this problem with the pfSense OpenVPN client export wizard?
I find it hard to believe I needed to do this to make the whole thing work. I’ve watched many OpenVPN YouTube videos and found no mention of this quirk.
Did I miss something in the “server” config or the “client” config in pfSense?
Just for clarification: Connection worked fine; once connected there was no contact with the LAN.
UNTIL the modifications to the client file were made.
Does the good connection indicate my “certs” were OK?
I treat OpenVPN as its own network, so I have an interface for it and the rules page will then display for that interface. IMO that gives greater control, or at least I can work out what is happening. I don’t like using the wizard for setting up OpenVPN.
Sounds like your certs are ok and you need to work on your rules.
My logic is set up everything manually, walk through it step by step.
If you wanted to set up a 2nd OpenVPN server you’d need to assign it to a new interface, may as well do it from the beginning.
Just think of your OpenVPN as a second network and set up the rules. However, you’re using the same network; no idea if that is the best idea, I don’t do that.
If I don’t assign an interface to my instance, but just leave the OpenVPN firewall rule wide open, the Routing Default menu does not have a gateway other than “Automatic” or the LAN side gateway as a selection.
I just can’t believe that the pfSense OpenVPN server/client process (routing from WAN through a tunnel) does not give LAN access as a default setup.
BTW, I agree with manual setup and I set up another server on UDP 1195. I’m still working through the logic.
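Added example, not part of the thread: a simplified Python model of how the two client lines from the first post (route-nopull plus a static route) change which destinations the client sends through the tunnel. The sample configs and pushed options are constructed, and the function names are hypothetical.

```python
import ipaddress

# Simplified model: route-nopull makes the client ignore pushed routing options.
IGNORED_WITH_NOPULL = {"route", "redirect-gateway"}

# Constructed sample client configs (not taken from the thread's export).
CLIENT_EXPORTED = "client\ndev tun\nproto udp\n"
CLIENT_PATCHED = CLIENT_EXPORTED + "route-nopull\nroute 192.168.83.0 255.255.255.0\n"

def directives(text):
    """Yield (keyword, args) for each non-comment line of OpenVPN config text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            word, *args = line.split()
            yield word, args

def to_network(args):
    """'route <network> [netmask]': a missing netmask means a host route."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{mask}")

def tunnel_routes(client_cfg, pushed):
    """Return the IPv4 networks the client routes through the tunnel."""
    local = list(directives(client_cfg))
    remote = list(directives("\n".join(pushed)))
    if any(word == "route-nopull" for word, _ in local):
        remote = [(w, a) for w, a in remote if w not in IGNORED_WITH_NOPULL]
    routes = set()
    for word, args in local + remote:
        if word == "route":
            routes.add(to_network(args))
        elif word == "redirect-gateway":
            routes.add(ipaddress.ip_network("0.0.0.0/0"))
    return routes

def via_tunnel(addr, routes):
    """True if addr falls inside any tunnel route."""
    return any(ipaddress.ip_address(addr) in net for net in routes)

if __name__ == "__main__":
    cases = [("exported, nothing pushed", CLIENT_EXPORTED, []),
             ("patched, redirect pushed", CLIENT_PATCHED, ["redirect-gateway def1"]),
             ("exported, LAN route pushed", CLIENT_EXPORTED,
              ["route 192.168.83.0 255.255.255.0"])]
    for label, cfg, pushed in cases:
        r = tunnel_routes(cfg, pushed)
        print(label, sorted(map(str, r)), via_tunnel("192.168.83.20", r))
```

The third case shows that the same LAN route can also arrive as a server push, in which case the client file needs no manual edit.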