Remote switch access over OpenVPN

Hi, I have a question about a behavior that I don’t know where to start looking to solve. Why can I remotely access one of my servers over OpenVPN, which is behind a pfSense firewall, but I’m not able to reach a switch under the same network conditions?

Sounds like the switch may be blocking the connection. Many switches allow you to define a list of networks from which access to the management features is allowed (GUI and SSH mainly). Remember that a client from the VPN will usually have an IP address from a subnet of 10.0.0.0/8.

Also, each device, such as a switch, needs to have a gateway or it cannot route back to the VPN client.

I’m sorry but I’m a bit lost. I can’t find anywhere a place to specify what networks the switch can be managed by.
Maybe I’m wrong and I’m missing something… when I log in through a VPN, isn’t it as if I am logged in directly to the same network, as if I am on the same LAN? Should I be able to reach everything as if I am on the same LAN?
I can’t find what you are talking about… I cannot specify more networks or set up a gateway…
Unfortunately it’s only a L3 from TP-Link… not the best brand in the world, I know…
Any further help?

Let’s say your switch has an IP address of 192.168.1.2/24. Your local PC has an IP address of 192.168.1.3/24. They are in the same network. When you log into the VPN, the client gets an IP address of, let’s say, 10.0.8.2/24. That client is not in the same network as the switch. If the switch only allows access from machines that are in the same network as itself (meaning the source address of the packets must be in the 192.168.1.0/24 network), then the VPN client is denied access.

I believe on TP-Link switches you’ll find that configuration option in the left-hand side menu under System -> Access Security. For more specific help you’ll need to tell what exact model of switch you are using.

I’m using the T1700G-28TQ 3.0
But why don’t I have the same issue accessing my main pfSense firewall and one of my other servers?

Should I do this on every device I have on the network?
I also have two consumer Netgear modem/router combo units, one used as an access point and the other used as a switch. I can connect remotely through the VPN to only one of the two… I’m confused :rofl:

Every device (switch, server, PC, etc.) has its own firewall. It is up to the device to decide what traffic to allow and what to block. For switches this behavior is quite common. Since you can access the pfSense GUI that means that there is a firewall rule on the OpenVPN interface granting you access.

To configure access control for your specific switch model, have a look at the manual at page 556.

By the way, for devices that don’t allow you to configure which sources to allow access to (I would expect this to be the case for the combo unit you mentioned), you can get around that issue by using a NAT rule on the pfSense.
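An added example, not part of the original thread: a small Python model of the three points made in the replies above (the device's own source-address access list, the need for a gateway to reply to an off-subnet client, and the NAT workaround). The switch and VPN client addresses are the ones used in the reply above; the firewall LAN address 192.168.1.1 and the function name `diagnose` are assumptions, and the model assumes the firewall itself already passes the traffic.

```python
import ipaddress

def diagnose(client_ip, device_if, allowed_mgmt_nets=None, gateway=None, nat_source=None):
    """Return (reachable, reason) for a management connection to a LAN device.

    client_ip         -- address the VPN client was given
    device_if         -- device address with prefix, e.g. "192.168.1.2/24"
    allowed_mgmt_nets -- networks the device accepts management from (None = no restriction)
    gateway           -- default gateway configured on the device (None = not set)
    nat_source        -- firewall LAN address if a NAT rule rewrites the source (assumption)
    """
    iface = ipaddress.ip_interface(device_if)
    # With a NAT rule on the firewall, the device sees the firewall's LAN address instead.
    seen_src = ipaddress.ip_address(nat_source or client_ip)

    # Check 1: the device's own access control on the packet's source address.
    if allowed_mgmt_nets is not None:
        nets = [ipaddress.ip_network(n) for n in allowed_mgmt_nets]
        if not any(seen_src in n for n in nets):
            return False, f"source {seen_src} not in allowed management networks"

    # Check 2: an off-subnet source can only be answered through a usable gateway.
    if seen_src not in iface.network:
        if gateway is None:
            return False, f"no gateway set, cannot reply to {seen_src}"
        if ipaddress.ip_address(gateway) not in iface.network:
            return False, f"gateway {gateway} is not on {iface.network}"
    return True, f"source {seen_src} accepted and reply path exists"

if __name__ == "__main__":
    switch = "192.168.1.2/24"   # from the thread
    vpn_client = "10.0.8.2"     # from the thread
    fw_lan = "192.168.1.1"      # constructed value for the firewall's LAN address
    cases = {
        "local PC": ("192.168.1.3", switch, ["192.168.1.0/24"], None, None),
        "VPN, LAN-only access list": (vpn_client, switch, ["192.168.1.0/24"], fw_lan, None),
        "VPN, no gateway on device": (vpn_client, switch, None, None, None),
        "VPN net added to access list": (vpn_client, switch, ["192.168.1.0/24", "10.0.8.0/24"], fw_lan, None),
        "VPN with NAT on firewall": (vpn_client, switch, ["192.168.1.0/24"], None, fw_lan),
    }
    for name, args in cases.items():
        print(f"{name:30s} -> {diagnose(*args)}")
```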

I’ll try as you suggest but I didn’t enable anything on that page in order to be able to access the switch from the local Network.
I think I might need more help🤪