@debbie10t It was a toss-up as to whether I posted the question to Pfsense or OpenVPN. Since my original issue is getting access to another box behind the VPN, I figured I would go here. This approach also gave me the benefit of someone likely confirming my diagnosis, which is VPN related. Sometimes I can be wrong on my interpretation of the issue and diagnosis.
Thanks for looking this over and confirming my diagnosis and proposing a possible solution. I have a relatively simple installation of PfSense, so I have not played with it much and was not sure if Static Routes is what I needed. I will set this up later today and test it when I am remote to the box this weekend. @Mathias I do have other boxes behind the VPN server that I may desire reaching also. That is why I was considering a single change on the gateway, rather than making changes on each and every box. And, so I don't have to remember to do it again when I swapped out a box. Jeff On 11/19/2015 9:42 PM, debbie...@gmail.com wrote: > This mailing list is not the right place to ask this question > This is for OpenVPN support not pfsense. > > > However, as I have a pfsense VM, I looked at this for you > and conclude the following: > > 1. You have identified the details of the route you need to add, > 2. You have identified the network device which needs the route. > > So, from what I can see on pfsense 2.1.5-i386 you can add this: > > # pfsense administration page: > System > Static Routes > Add/Edit Route > + Destination network = Your VPN network (or remote network possibly) > + Gateway = Your VPN server LAN IP (May need to be manually added) > + Enabled = Yes > + Description = your text > = Save > > And that would add the static route to the pfsense router > pointing at the LAN IP of your VPN server. > > Regards > > > ----- Original Message ----- From: <jbo...@meridianenv.com> > To: <openvpn-users@lists.sourceforge.net> > Sent: Thursday, November 19, 2015 9:09 PM > Subject: [Openvpn-users] Can't ping another box behind OpenVPN server > > >> Greetings - >> >> I have a working OpenVPN server that I can access remotely, but now I >> want >> to access another box behind the OpenVPN server from the remote >> client. I >> have read the how-to's and FAQ on the OpenVPN website, and I believe >> that >> I need to make one change which is described by this statement: add a >> route in the default gateway for the VPN network IP subnet pointing >> to the >> OpenVPN machine. >> >> My topology >> >> Remote client network 192.168.123.0/24 >> VPN network 10.8.9.x >> >> VPN Server 10.9.8.1 >> Server LAN network 192.168.112.0/24 >> VPN Server LAN IP 192.168.112.50 >> >> DNS/DHCP Server 192.168.112.51 >> Gateway/Firewall/Router 192.168.112.11 >> >> I can access the VPN server at ...50, and I would like to access another >> server which is at ...53. However pinging from the client when >> connected >> to the VPN returns this: >> >> C:\>ping 192.168.112.53 >> Pinging 192.168.112.53 with 32 bytes of data: >> Reply from 10.9.8.1: Destination host unreachable. >> >> I have ipforwarding enabled on the VPN server (CentOS 6) box. Based on >> the ping response, and since *my LAN router is not the same box as >> the VPN >> server*, I have concluded that I need to add a route in my LAN default >> gateway for the VPN network IP subnet pointing to the OpenVPN box. >> >> My gateway/router box is running PfSense and the routing table for it >> shows: >> >> [2.1.2-RELEASE][ad...@pfgateway.mei.lan]/root(2): netstat -rn >> Routing tables >> >> Internet: >> Destination Gateway Flags Refs Use Netif >> Expire >> default 66.171.190.17 UGS 1 663197177 bge0 >> xxx.yy.190.16/28 link#1 U 0 49927480 bge0 >> xxx.yy.190.18 link#1 UHS 0 0 lo0 >> xxx.yy.190.19 link#1 UHS 0 0 lo0 => >> xxx.yy.190.19/32 link#1 U 0 0 bge0 >> xxx.yy.190.20 link#1 UHS 0 0 lo0 => >> xxx.yy.190.20/32 link#1 U 0 0 bge0 >> xxx.yy.190.21 link#1 UHS 0 0 lo0 => >> xxx.yy.190.21/32 link#1 U 0 0 bge0 >> xxx.yy.190.22 link#1 UHS 0 0 lo0 => >> xxx.yy.190.22/32 link#1 U 0 0 bge0 >> 127.0.0.1 link#6 UH 0 560 lo0 >> 192.168.112.0/24 link#2 U 0 848109484 rl0 >> 192.168.112.11 link#2 UHS 0 99857580 lo0 >> >> I don't generally touch the command line on the PfSense box, as >> everything >> is done through the web interface, but this was the easiest way to paste >> the routing table here. >> >> Can someone explain to me how to add a route in the PfSense gateway for >> the VPN network (10.9.8.x) pointing to the OpenVPN box (192.168.112.50)? >> I am doing this remotely, so I want to be careful and not mess up >> anything >> that will cut off my access. >> >> Also, please cc me directly as I only recieve the daily digest of this >> mailing list. Thanks. >> >> Jeff >> >> >> >> ------------------------------------------------------------------------------ >> >> >> _______________________________________________ >> Openvpn-users mailing list >> Openvpn-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openvpn-users > > -- Jeff Boyce, CF Meridian Environmental 2136 Westlake Ave. North Seattle, WA 98109 206-522-8282 www.meridianenv.com ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
