OpenVPN server for LAN Access

Started by Pungon, February 13, 2019, 02:48:37 PM

Hi!

I want to access the LAN of my OpnSense firewall from the outside.
I've already made the proper setup and I'm able to connect to the VPN from the outside, and the internet traffic is successfully routed through the firewall. My main issue right now is that I'm unable to ping/access any host on the LAN.

My configuration: https://imgur.com/a/D1DNrpH
(if not included then default)

My LAN is 10.0.0.0/8 and my DNS is 10.10.10.50

Does anyone have an idea?
Thanks

February 13, 2019, 03:17:16 PM #1 Last Edit: February 13, 2019, 03:31:07 PM by myksto
Hi.
I can't see any rule from your VPN network to your LAN network.
Do some tests connecting through the VPN, pinging some hosts inside your LAN and looking at the firewall logs: you should see that your ICMP packets are blocked by the firewall.
If that's the case, create the appropriate rules to permit access to the services you need from the VPN to the LAN and you should be ok.

Cheers,
Michele.

I have this rule on the OpenVPN interface: https://i.imgur.com/t14XCok.png
I don't know if it's enough or I need to create a rule on the LAN interface.

You omitted to attach the VPN rules before...  ;)
Anyway, with that rule you permit everything to everywhere from the VPN network (a bit dangerous in my opinion) and you should be able to connect to your hosts on the LAN segment. No need to create any rule on the LAN network.
What kind of services are you trying? RDP, FTP, ICMP, etc.?
What is showing in your firewall logs? I mean, do your packets reach your LAN hosts or not?

Cheers,
Michele.

I'm trying with the HTTP protocol but I can't see any request from the OpenVPN interface on the firewall log :(
I think the problem is from my OpenVPN settings, not from the firewall itself.

February 13, 2019, 04:28:14 PM #5 Last Edit: February 13, 2019, 05:00:44 PM by myksto
If you can't see anything in firewall logs it should be for these reasons:

  • packets from VPN client don't reach the firewall
  • packets reach the firewall, reach your hosts but are not correctly routed back to the VPN client
  • your hosts in LAN somehow block some traffic (firewall?)
  • a mix of these reasons
Anyway you have to investigate more.
Sorry I can't help you any further.  :(

Cheers,
michele.
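
The cases listed in the post above can be told apart by capturing ICMP on the firewall's VPN and LAN interfaces while the VPN client pings a LAN host. The following is an added example, not part of the thread: the client address 192.168.200.6 and the capture lines are constructed, 10.10.10.50 is the LAN host from the first post, and it assumes no NAT between the VPN and the LAN.

```python
import re

# Matches lines printed by `tcpdump -n -i <interface> icmp`, for example:
#   16:30:01.000001 IP 192.168.200.6 > 10.10.10.50: ICMP echo request, id 7, seq 1, length 64
ICMP = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")


def flows(capture):
    """Return the set of (src, dst, kind) ICMP echo tuples found in tcpdump text."""
    return {m.groups() for m in map(ICMP.search, capture.splitlines()) if m}


def diagnose(vpn_capture, lan_capture, client, host):
    """Locate where the ping dies, walking the path hop by hop.

    Assumes no NAT between VPN and LAN, so addresses match on both interfaces.
    """
    vpn, lan = flows(vpn_capture), flows(lan_capture)
    request, reply = (client, host, "request"), (host, client, "reply")
    if request not in vpn:
        return "request never reaches the firewall's VPN interface"
    if request not in lan:
        return "request arrives on the VPN interface but is not forwarded to the LAN"
    if reply not in lan:
        return "LAN host does not answer via this firewall"
    if reply not in vpn:
        return "reply reaches the firewall but is not sent back into the tunnel"
    return "ping works in both directions"


# Constructed sample: the requests are seen on both interfaces, no reply anywhere.
VPN_CAPTURE = """\
16:30:01.000001 IP 192.168.200.6 > 10.10.10.50: ICMP echo request, id 7, seq 1, length 64
16:30:02.000001 IP 192.168.200.6 > 10.10.10.50: ICMP echo request, id 7, seq 2, length 64
"""
LAN_CAPTURE = VPN_CAPTURE  # the same requests leave on the LAN side

if __name__ == "__main__":
    print(diagnose(VPN_CAPTURE, LAN_CAPTURE, "192.168.200.6", "10.10.10.50"))
```

From the firewall's side, "LAN host does not answer via this firewall" covers both a host that drops the request and a host that sends its reply to a different gateway; a capture on the LAN host itself separates the two.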