This mailing list is not the right place to ask this question This is for OpenVPN support not pfsense.
However, as I have a pfsense VM, I looked at this for you and conclude the following: 1. You have identified the details of the route you need to add, 2. You have identified the network device which needs the route. So, from what I can see on pfsense 2.1.5-i386 you can add this: # pfsense administration page: > System > Static Routes > Add/Edit Route + Destination network = Your VPN network (or remote network possibly) + Gateway = Your VPN server LAN IP (May need to be manually added) + Enabled = Yes + Description = your text = Save And that would add the static route to the pfsense router pointing at the LAN IP of your VPN server. Regards ----- Original Message ----- From: <jbo...@meridianenv.com> To: <openvpn-users@lists.sourceforge.net> Sent: Thursday, November 19, 2015 9:09 PM Subject: [Openvpn-users] Can't ping another box behind OpenVPN server > Greetings - > > I have a working OpenVPN server that I can access remotely, but now I want > to access another box behind the OpenVPN server from the remote client. I > have read the how-to's and FAQ on the OpenVPN website, and I believe that > I need to make one change which is described by this statement: add a > route in the default gateway for the VPN network IP subnet pointing to the > OpenVPN machine. > > My topology > > Remote client network 192.168.123.0/24 > VPN network 10.8.9.x > > VPN Server 10.9.8.1 > Server LAN network 192.168.112.0/24 > VPN Server LAN IP 192.168.112.50 > > DNS/DHCP Server 192.168.112.51 > Gateway/Firewall/Router 192.168.112.11 > > I can access the VPN server at ...50, and I would like to access another > server which is at ...53. However pinging from the client when connected > to the VPN returns this: > > C:\>ping 192.168.112.53 > Pinging 192.168.112.53 with 32 bytes of data: > Reply from 10.9.8.1: Destination host unreachable. > > I have ipforwarding enabled on the VPN server (CentOS 6) box. Based on > the ping response, and since *my LAN router is not the same box as the VPN > server*, I have concluded that I need to add a route in my LAN default > gateway for the VPN network IP subnet pointing to the OpenVPN box. > > My gateway/router box is running PfSense and the routing table for it > shows: > > [2.1.2-RELEASE][ad...@pfgateway.mei.lan]/root(2): netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 66.171.190.17 UGS 1 663197177 bge0 > xxx.yy.190.16/28 link#1 U 0 49927480 bge0 > xxx.yy.190.18 link#1 UHS 0 0 lo0 > xxx.yy.190.19 link#1 UHS 0 0 lo0 => > xxx.yy.190.19/32 link#1 U 0 0 bge0 > xxx.yy.190.20 link#1 UHS 0 0 lo0 => > xxx.yy.190.20/32 link#1 U 0 0 bge0 > xxx.yy.190.21 link#1 UHS 0 0 lo0 => > xxx.yy.190.21/32 link#1 U 0 0 bge0 > xxx.yy.190.22 link#1 UHS 0 0 lo0 => > xxx.yy.190.22/32 link#1 U 0 0 bge0 > 127.0.0.1 link#6 UH 0 560 lo0 > 192.168.112.0/24 link#2 U 0 848109484 rl0 > 192.168.112.11 link#2 UHS 0 99857580 lo0 > > I don't generally touch the command line on the PfSense box, as everything > is done through the web interface, but this was the easiest way to paste > the routing table here. > > Can someone explain to me how to add a route in the PfSense gateway for > the VPN network (10.9.8.x) pointing to the OpenVPN box (192.168.112.50)? > I am doing this remotely, so I want to be careful and not mess up anything > that will cut off my access. > > Also, please cc me directly as I only recieve the daily digest of this > mailing list. Thanks. > > Jeff > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
