Pfsense OpenVPN Server networking issues

spikebyte · February 16, 2021, 9:46am

Hey all,
I could use a hand trying to figure out what’s up. When I connect to the OpenVPN server on my pfsense box, I can access most IPs on the network, but my proxmox host and it’s vms are totally inaccessible. I am only able to access my services via the HAProxy virtual IP I configured that points at the proxmox host and vms.

I have added the subnet for the VPN network to the LAN and other networks I want to be accessible, but it didn’t seem to help.

Anything I should try to figure this out?

Any help would be much appreciated!

badi95 · February 17, 2021, 6:49pm

Is the network you are connecting from the same subnet as the proxmox host and vms? I had a similar issue when they were the same subnet. I ended up adding a route to my openvpn config I was using on the client for the ips I wanted to get to on the host network.

spikebyte · February 18, 2021, 5:17am

On interesting. I am not using the same subnet. My main network is 192.168.1.0/24, the subnet I connect from is 192.168.30.0/24, the vpn network is 192.168.70.0/24.

I’ve narrowed it down to hosts that connect to a secondary network. I might have to try adding a route. Thanks for the idea.

JDM_WAAAT · February 18, 2021, 10:50pm

I’m also using a different subnet.

jcpingu · April 26, 2021, 8:48pm

Was there any update on this?

spikebyte · April 27, 2021, 8:14am

Unfortunately no. What I suspect is that there is some routing issue. The proxmox hosts are connected to two different networks. The primary network runs on 192.168.1.0/24 with the .1 standard default gateway. The secondary network is connected with a 192.168.30.0/24 network. All other hosts on the network are accessible, but the proxmox host’s vms are a no go.

I’m not really sure how to add a route for the OpenVPN stuff only for specific hosts.

bob · April 28, 2021, 7:23pm

Networks can be added using the “IPv4 Local network(s)” in the Tunnel Settings of the OpenVPN server configuration.

Putting 192.168.1.0/24,192.168.30.0/24 in that box should make both networks available over the VPN.

spikebyte · May 1, 2021, 9:54pm

I added that to the configuration and unfortunately didn’t make a difference.

bob · May 1, 2021, 10:49pm

Do your firewall rules allow traffic between 192.168.70.0/24 and 192.168.30.0/24?

JDM_WAAAT · May 3, 2021, 4:06pm

Try this, where:

push "route 192.168.x.x 255.255.255.0"

is your main local network.

bob · May 3, 2021, 4:29pm

You probably want to make the mask 255.255.0.0 and grab both subnets in one go, so long as 192.168 is also not used locally.