
I have a setup with pfSense. I have configured 2 LAN subnets:

  • 192.168.50.0/24 is a DMZ
  • 192.168.100.0/24 is Management

Then in the DMZ I have an OpenVPN server. Multiple clients connect to that server. I would like to be able to connect to their interfaces from 192.168.100.0/24. I was able to route a ping to the VPN server (saw it in tcpdump) by specifying the VPN server as the gateway for 10.20.0.0/24 on pfSense.

However, the ping never reached the tun interface (tcpdump only saw it on the eth interface and not as outgoing on tun).

I believe that I must do something with iptables on the OpenVPN server. Any suggestions on how to achieve this without switching to a site-to-site VPN? I know that I can connect as a VPN client and allow client-to-client, but this is not the preferred way.

According to this https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/ it should be possible in OpenVPN Access Server, but how do I do this in a standard OpenVPN server?

Thank you in advance

horin
  • Questions seeking installation, configuration or diagnostic help must include the desired end state, the specific problem or error, sufficient information about the configuration and environment to reproduce it, and attempted solutions. Questions without a clear problem statement are not useful to other readers and are unlikely to get good answers – djdomi Jun 01 '22 at 16:36
  • I think that the question is quite clear. How should I set up the OpenVPN server to allow other hosts on the same LAN (as the OpenVPN server) to connect to OpenVPN clients? The desired state is described in the provided link https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/ – horin Jun 01 '22 at 17:10
  • Nope, we have a minimum requirement here and you did not follow the instructions I gave you: "must include sufficient information about the configuration and environment to reproduce it, and attempted solutions." We are not just providing solutions; we help you on an existing basis where you already tried something. – djdomi Jun 04 '22 at 06:40

0 Answers