
I have an OpenVPN Server on pfSense. The tunnel is on a private network 10.21.4.0/24, but the LAN is on 10.21.1.0/24.

How can I route the VPN clients from the tunnel to the LAN?

My current setup includes:

  • An OpenVPN server (made with the wizard)

  • Firewall rules on OpenVPN to allow traffic from all protocols, on all destinations and sources and all their respective ports and all gateways

  • A firewall NAT outbound rule to map any source to the tunnel network (10.21.4.0/24)

  • I haven't enabled the OPT1 interface

David
  • OK, a few questions... Is the pfSense box the internet gateway for the LAN? If so, it pretty much should just work. If not, you need to understand basic routing to inform the LAN gateway that the way to 10.21.4.0/24 is through the pfSense LAN IP, so start there. Also you'll need to make sure you added a pass rule for VPN traffic on the pfSense box. – quadruplebucky Jun 11 '17 at 20:48
  • It's hard to understand clearly what exactly you are asking. Please edit your question to describe how you have things currently configured, and in detail, what you're trying to accomplish. – EEAA Jun 11 '17 at 20:49

1 Answer


This is completely normal and they should be different subnets. See pfSense OpenVPN RAS documentation.

Tunnel Network -- Should be a new, unique network that does not exist anywhere in the current network or routing table.

Local Network -- The network here on the server that the clients will need to reach, for example 192.168.1.0/24

If your route (not redirection) between these two doesn't work, did you add the automatic firewall rules during the wizard? If not, you may want to start over and follow the documentation I linked above.

Esa Jokinen
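
Added example (not part of the original answer or the pfSense documentation): a sanity check for the addressing described above, which confirms the tunnel network overlaps nothing already in use, expresses the Tunnel Network and Local Network as the standard OpenVPN `server` and `push "route ..."` directives, and reports the return route a separate LAN gateway would need. The function name and the gateway addresses 10.21.1.1 and 10.21.1.254 are assumptions made for illustration.

```python
import ipaddress


def plan_vpn_routing(tunnel, local_nets, existing_nets, lan_default_gw, pfsense_lan_ip):
    """Validate the tunnel network and derive the routes both directions need."""
    tun = ipaddress.ip_network(tunnel)
    # The tunnel network must not exist anywhere in the current routing table.
    conflicts = [n for n in existing_nets if tun.overlaps(ipaddress.ip_network(n))]
    # Tunnel Network -> "server"; each Local Network -> a route pushed to clients.
    directives = [f"server {tun.network_address} {tun.netmask}"]
    for net in map(ipaddress.ip_network, local_nets):
        directives.append(f'push "route {net.network_address} {net.netmask}"')
    # Replies from LAN hosts go to their default gateway. If that is not the
    # pfSense box, the gateway needs a static route back to the tunnel network.
    return_route = None
    if ipaddress.ip_address(lan_default_gw) != ipaddress.ip_address(pfsense_lan_ip):
        return_route = f"{tun} via {pfsense_lan_ip}"
    return {"conflicts": conflicts, "directives": directives, "return_route": return_route}


if __name__ == "__main__":
    # Networks from the question; the gateway addresses are constructed samples.
    plan = plan_vpn_routing(
        tunnel="10.21.4.0/24",
        local_nets=["10.21.1.0/24"],
        existing_nets=["10.21.1.0/24"],
        lan_default_gw="10.21.1.254",   # assumed: a router other than pfSense
        pfsense_lan_ip="10.21.1.1",     # assumed pfSense LAN address
    )
    print("overlapping networks:", plan["conflicts"] or "none")
    for line in plan["directives"]:
        print(line)
    print("static route needed on LAN gateway:", plan["return_route"] or "none")
```
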