How to set up routing / NAT / Remote network for VPN in pfSense?

I have a gateway machine—running under pfSense—and it has a VPN connection to a private network in the range 10.0.0.0/8.

I have a standalone OpenVPN program, which allows me to connect to this net successfully. Now I would like to set up the same access on pfSense and allow all computers on my LAN to access that private net.

I have the following config for the standalone program:

enter image description here

When I connect to this VPN with the standalone program, it asks me for a name and password. I put this name and password pair into the /etc/vpnpassword file on the pfSense filesystem.

Next I tried to reproduce the config on pfSense web interface:

enter image description here enter image description here enter image description here

BEGINNING

First I added a static route on pfSense saying that all traffic to this network should go via this VPN interface. And if I ping some of the 10.0.0.0/8 addresses in the range from the pfSense shell, it works well.

But if I ping the address from some other machine on my LAN, it goes through the "default" gateway of pfSense.

Why and how to fix?

UPDATE

I have the following VPN entry:

enter image description here

I have added an interface here manually and attached it to the ovpnc1 logical name taken from the OpenVPN logs

enter image description here

I was unable to configure DHCP for the VPN -- it was causing errors. But it obtains an IP somehow.

Now I have the following gateways:

enter image description here

I don't understand where OVPNC1_VPNV6 came from.

Finally I have the following static routes:

enter image description here

This page has a warning below:

Note: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.

which implies that my routes are unneeded.

But why isn't it working then?

UPDATE 2

Now I have removed the manually created interface from the Interfaces tab. This caused OpenVPN to disappear from some places like routing. But it remained on pages like Firewall or NAT.

Probably this is the expected way to configure it.

Unfortunately, it didn't give any results: VPN addresses can be pinged from pfSense shell but can't be pinged from LAN computers.

UPDATE 3

I found a place to put remote LAN addresses -- it was on the OpenVPN setup page:

enter image description here

It helped me, but only partially. Now I can ping 10.72.8.1, but can't ping 10.75.6.33. I was unable to ping the former address before the last setting was made.

UPDATE 4

The following setting also does not help:

enter image description here

Dims

Posted 2014-10-05T00:06:27.500

“…if I ping the address…” What address? I ask because this is expected behavior, “…it goes through "default" gateway of pfSense.” – JakeGould – 2014-10-05T00:27:00.707

Address 10.72.8.1 and similar. Why is it expected behavior? I was suspecting this, but can't understand. If the router was told that some address is reachable via some interface, then why doesn't it route accordingly? Please explain. – Dims – 2014-10-05T08:05:24.113

No answers