I have a gateway machine—running under pfSense—and it has a VPN connection to a private network in the range 10.0.0.0/8.
I have a standalone OpenVPN program, which allows me to connect to this net successfully. Now I would like to set up the same access on pfSense and allow all computers on my LAN to access that private net.
I have the following config for standalone
When I connect to this VPN with the standalone program, it asks me for a name and password. I put this name/password pair into the /etc/vpnpassword file on the pfSense filesystem.
Next I tried to reproduce the config in the pfSense web interface:
BEGINNING
First I added a static route on pfSense saying that all traffic to this network should go via this VPN interface. If I ping some of the addresses in the 10.0.0.0/8 range from the pfSense shell, it works well.
But if I ping the address from some other machine on my LAN, it goes through the "default" gateway of pfSense.
Why and how to fix?
UPDATE
I have the following VPN entry:
I have added an interface here manually and attached it to the ovpnc1 logical name taken from the OpenVPN logs.
I was unable to configure DHCP for the VPN -- it was causing errors. But it obtains an IP somehow.
Now I have the following gateways:
I don't understand where OVPNC1_VPNV6 came from.
Finally I have the following static routes:
This page has a warning below:
Note: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.
which implies that my routes are unneeded.
But why isn't it working then?
UPDATE 2
Now I have removed the manually created interface from the Interfaces tab. This caused OpenVPN to disappear from some places like routing. But it remained on pages like Firewall or NAT.
Probably this is the expected way to configure it.
Unfortunately, it didn't give any results: VPN addresses can be pinged from pfSense shell but can't be pinged from LAN computers.
UPDATE 3
I found a place where to put remote LAN addresses -- it was on OpenVPN setup page:
It helped, but only partially. Now I can ping 10.72.8.1, but can't ping 10.75.6.33. I was unable to ping the former address before the last setting was made.
UPDATE 4
The following setting also does not help
“…if I ping the address…” What address? I ask because this is expected behavior, “…it goes through "default" gateway of pfSense.” – JakeGould – 2014-10-05T00:27:00.707
Address 10.72.8.1 and similar. Why is it expected behavior? I was suspecting this, but can't understand. If the router was told that some address is reachable via some interface, then why doesn't it route accordingly? Please explain. – Dims – 2014-10-05T08:05:24.113