pfSense OpenVPN Server networking issues

Hey all,
I could use a hand trying to figure out what’s up. When I connect to the OpenVPN server on my pfSense box, I can access most IPs on the network, but my Proxmox host and its VMs are totally inaccessible. I am only able to access my services via the HAProxy virtual IP I configured that points at the Proxmox host and VMs.

I have added the subnet for the VPN network to the LAN and other networks I want to be accessible, but it didn’t seem to help.

Anything I should try to figure this out?

Any help would be much appreciated!

Is the network you are connecting from the same subnet as the proxmox host and vms? I had a similar issue when they were the same subnet. I ended up adding a route to my openvpn config I was using on the client for the ips I wanted to get to on the host network.

Oh, interesting. I am not using the same subnet. My main network is 192.168.1.0/24, the subnet I connect from is 192.168.30.0/24, the VPN network is 192.168.70.0/24.

I’ve narrowed it down to hosts that connect to a secondary network. I might have to try adding a route. Thanks for the idea.

I’m also using a different subnet.

Was there any update on this?

Unfortunately no. What I suspect is that there is some routing issue. The proxmox hosts are connected to two different networks. The primary network runs on 192.168.1.0/24 with the .1 standard default gateway. The secondary network is connected with a 192.168.30.0/24 network. All other hosts on the network are accessible, but the proxmox host’s vms are a no go.

I’m not really sure how to add a route for the OpenVPN stuff only for specific hosts.

Networks can be added using the “IPv4 Local network(s)” in the Tunnel Settings of the OpenVPN server configuration.

Putting 192.168.1.0/24,192.168.30.0/24 in that box should make both networks available over the VPN.

I added that to the configuration and unfortunately it didn’t make a difference.

Do your firewall rules allow traffic between 192.168.70.0/24 and 192.168.30.0/24?

Try this, where:

push "route 192.168.x.x 255.255.255.0"

is your main local network.

You probably want to make the mask 255.255.0.0 and grab both subnets in one go, so long as 192.168 is also not used locally.
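
The caveat in the last reply (a wider mask only works if the pushed range is not also in use on the client side) can be checked mechanically before changing the server config. This is an added example, not part of any post in the thread; the function names and sample config lines are constructed, the subnets are the ones quoted above, and the client-side network list is an assumption you would replace with your own.

```python
import ipaddress
import re

# Matches OpenVPN server directives of the form: push "route <network> <netmask>"
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"\s*$', re.MULTILINE)


def pushed_networks(config_text):
    """Return the networks a server config pushes to clients."""
    return [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for addr, mask in PUSH_ROUTE.findall(config_text)]


def route_conflicts(config_text, client_local):
    """Pair each pushed route with any client-side network it overlaps."""
    local = [ipaddress.ip_network(n) for n in client_local]
    return [(str(p), str(l))
            for p in pushed_networks(config_text)
            for l in local if p.overlaps(l)]


# Constructed sample configs using the subnets quoted in the thread.
WIDE = 'push "route 192.168.0.0 255.255.0.0"\n'
NARROW = 'push "route 192.168.1.0 255.255.255.0"\n'

# Assumption: the client sits on 192.168.30.0/24, the subnet the poster connects from.
CLIENT_LOCAL = ["192.168.30.0/24"]

if __name__ == "__main__":
    for name, cfg in (("wide", WIDE), ("narrow", NARROW)):
        print(name, route_conflicts(cfg, CLIENT_LOCAL))
```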