Hello,
I'm using pfSense 2.1.4 on an Alix system with 3 networks, one WAN
and two different LANs.
On this pfSense box, I've set up two OpenVPN VPNs, in peer-to-peer mode
with pre-shared keys, one with TCP access, the other with the more
classical UDP. For these two VPNs, I have external clients (not
running pfSense, but OpenVPN) which successfully connect to my pfSense
box. From my system, located on a private LAN connected to one of the
two pfSense LAN interfaces (I'm using gateways to send traffic back
to this private LAN), I can access the Internet, and also the
client OpenVPN systems and their private LANs, as I added routes for
this in the OpenVPN configuration.
I would now like to access my system from these client OpenVPN systems,
but it doesn't work, and I don't understand why:
I can do 'ping <my private LAN address>' and the ping gets an answer, but
if I try an SSH connection, I can't access my local system from
these client OpenVPN systems, and on the pfSense box, when looking in
the Firewall tab in Status->System logs, filtering on my private LAN
address/port 22, I find the connection packets (TCP SYN) are blocked:
Act    Time             If      Source           Destination      Proto
block  Feb 17 12:29:14  ovpns2  10.0.9.2:42233   172.22.22.41:22  TCP:S
When clicking on the 'block' icon, I get:
The rule that triggered this action is:
@5 block drop in log inet all label "Default deny rule IPv4"
I've tried to allow any traffic from the OpenVPN networks in Firewall Rules,
without any change. If I also try the 'Easy Rule' in System Logs/Firewall to add a
rule to allow these connections, nothing changes; the connections are still
blocked :-(
I didn't use named interfaces for the OpenVPN servers; could that help with my
problem?
If you have any advice, or need more information, please tell me!
With regards,
Fred.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold