Pfsense OpenVPN Server networking issues

spikebyte · June 18, 2021, 6:22pm

Hey all,
I could use a hand trying to figure out what’s up. When I connect to the OpenVPN server on my pfsense box, I can access most IPs on the network, but my proxmox host and it’s vms are totally inaccessible. I am only able to access my services via the HAProxy virtual IP I configured that points at the proxmox host and vms.

I have added the subnet for the VPN network to the LAN and other networks I want to be accessible, but it didn’t seem to help.

Anything I should try to figure this out?

Any help would be much appreciated!

Update: finally got around to drawing a network diagram

badi95 · February 17, 2021, 6:49pm

Is the network you are connecting from the same subnet as the proxmox host and vms? I had a similar issue when they were the same subnet. I ended up adding a route to my openvpn config I was using on the client for the ips I wanted to get to on the host network.

spikebyte · February 18, 2021, 5:17am

On interesting. I am not using the same subnet. My main network is 192.168.1.0/24, the subnet I connect from is 192.168.30.0/24, the vpn network is 192.168.70.0/24.

I’ve narrowed it down to hosts that connect to a secondary network. I might have to try adding a route. Thanks for the idea.

JDM_WAAAT · February 18, 2021, 10:50pm

I’m also using a different subnet.

jcpingu · April 26, 2021, 8:48pm

Was there any update on this?

spikebyte · April 27, 2021, 8:14am

Unfortunately no. What I suspect is that there is some routing issue. The proxmox hosts are connected to two different networks. The primary network runs on 192.168.1.0/24 with the .1 standard default gateway. The secondary network is connected with a 192.168.30.0/24 network. All other hosts on the network are accessible, but the proxmox host’s vms are a no go.

I’m not really sure how to add a route for the OpenVPN stuff only for specific hosts.

bob · April 28, 2021, 7:23pm

Networks can be added using the “IPv4 Local network(s)” in the Tunnel Settings of the OpenVPN server configuration.

Putting 192.168.1.0/24,192.168.30.0/24 in that box should make both networks available over the VPN.

spikebyte · May 1, 2021, 9:54pm

I added that to the configuration and unfortunately didn’t make a difference.

bob · May 1, 2021, 10:49pm

Do your firewall rules allow traffic between 192.168.70.0/24 and 192.168.30.0/24?

JDM_WAAAT · May 3, 2021, 4:06pm

Try this, where:

push "route 192.168.x.x 255.255.255.0"

is your main local network.

bob · May 3, 2021, 4:29pm

You probably want to make the mask 255.255.0.0 and grab both subnets in one go, so long as 192.168 is also not used locally.

spikebyte · June 18, 2021, 6:36pm

Now that I have a diagram to refer to, here’s a more specific example.

I have SSH and a few other services exposed to the internet via NAT+Firewall. Those work just fine from the internet and are all able to reach all network sources from the inside, but that’s just SSH so I expect that.

The issue I am having is that when I connect to OpenVPN on the pfsense box (the macOS host with 192.168.77.5 IP), I am unable to access any VM or Host that’s connected to the “Layer 2” switch, which ends up being literally anything on the Proxmox hypervisor. I AM however able to connect to the raspberry pi, macOS host inside the network or any other network resource without issue…

Recently I have added a connection from the WiFi bridge to the pfsense router so that I could hopefully add some static routes or a gateway to relay back. I am now able to ping 192.168.30.1 from pfsense as well as all the other hosts on the “Layer 2” switch just fine.

I added allow rules in the firewall between the 192.168.30.0/24 and 192.168.1.0/24 both directions, but I am still unable to get access from VPN.

Any ideas?