On Thu, Oct 12, 2017 at 7:48 AM, tec...@protonmail.com <tec...@protonmail.com> wrote:
> I have been reading through the Book of PF (3rd edition) and other resources
> on the web (FAQ), so far so good but I'm hitting some roadblocks. This
> router I have built is also acting as a client to an external VPN server, it
> works and my client is getting a connection just fine. The problem is that
> whenever OpenVPN is active I cannot SSH in from a specific subnet - my pf
> rules aren't right. Is there some obvious issue with my rules standing out
> to you? I appreciate you looking, thanks.
>
> Topology:
> [pfSense Router: 192.168.1.1] (wifi lan subnet 192.168.2.0/24 / ethernet lan
> subnet 192.168.1.0/24) ------ Unmanaged Switch ------ [OpenBSD router :
> 192.168.1.100] (ethernet lan subnet 10.0.0.0/24)
>
> What doesn't work:
> pfSense clients on the wifi lan subnet SSH'ing in to the OpenBSD router
> (when OpenVPN is active on the OpenBSD router)
I suspect that you have an address conflict between your WiFi network and
the networks that are reachable via OpenVPN. I'm guessing your VPN service
is either giving you a 192.168.2.x address for your OpenVPN client, or they
are pushing a route to their own 192.168.2.0 network that takes precedence
over your own. The output of "netstat -nrf inet" (while OpenVPN is active)
will help to identify the problem.

-ken
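A small script that applies Ken's routing-table check mechanically: it parses a constructed OpenBSD "netstat -nrf inet" listing and flags any local subnet that a route over another interface (such as a VPN-pushed route on tun0) would shadow. This is an added example, not code from either poster; the sample routing table and the LOCAL_NETS mapping are assumptions built from the topology given in the question.

```python
import ipaddress

# Constructed sample of OpenBSD `netstat -nrf inet` output while OpenVPN is
# up. The VPN side pushes a route for 192.168.2.0/24 over tun0, which shadows
# the WiFi subnet that sits behind the pfSense router on em0 (assumed names).
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.1.1        UGS        4     1234     -     8 em0
10.0.0.0/24        10.0.0.1           UCn        1        0     -     4 em1
10.8.0.0/24        10.8.0.5           UCn        0        0     -     4 tun0
127.0.0.1          127.0.0.1          UHl        0       16 32768     1 lo0
192.168.1.0/24     192.168.1.100      UCn        2       42     -     4 em0
192.168.2.0/24     10.8.0.1           UGS        0       12     -     8 tun0
"""

# Subnets that should be reachable without the VPN, keyed to the interface
# they live behind (assumption from the thread's topology: the WiFi subnet
# is reached through pfSense on the same LAN interface as 192.168.1.0/24).
LOCAL_NETS = {
    "192.168.1.0/24": "em0",
    "192.168.2.0/24": "em0",
    "10.0.0.0/24": "em1",
}

def parse_routes(text):
    """Return (destination_network, iface) tuples from netstat -nrf inet output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner, blank lines and the column header.
        if len(fields) < 8 or fields[0] == "Destination":
            continue
        dest, iface = fields[0], fields[-1]
        if dest == "default":
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        routes.append((net, iface))
    return routes

def find_shadowed_subnets(text, local_nets=LOCAL_NETS):
    """Return (local_subnet, conflicting_route, iface) for every local subnet
    that a more specific route via a different interface overlaps."""
    conflicts = []
    routes = parse_routes(text)
    for net_str, expected_iface in local_nets.items():
        local = ipaddress.ip_network(net_str)
        for net, iface in routes:
            # The default route and routes on the expected interface are fine.
            if net.prefixlen == 0 or iface == expected_iface:
                continue
            if net.overlaps(local):
                conflicts.append((net_str, str(net), iface))
    return conflicts
```

Run it against the real output of netstat -nrf inet with OpenVPN up and again with it down; a conflict that appears only in the first run points at the VPN-pushed route rather than the pf ruleset.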