

Everything on the LAN subnet can talk to everything else on the subnet, and any outside client of OpenVPN can do the same, but only virtual hosts on the virtual part of the subnet can be reached from WireGuard clients.

I have an identical rule for WireGuard to reach the LAN subnet as the one I have for OpenVPN, but only the latter is working as expected. None of the physical hosts connected through the AP or the desktop PC respond to the client in any way. Only the VMs and LXCs and pfSense itself are accessible from the client. Now I have set up the WireGuard plugin on pfSense and I can successfully connect through the WireGuard tunnel, but something very odd is happening when I try to reach hosts on the LAN subnet. For either kind of tunnel all hosts on the LAN subnet are reachable from the OpenVPN clients, both the Proxmox VMs/LXCs on the virtual network and all the physical hosts on the WiFi AP (both wired and wireless) or the desktop. Some clients are configured for a split tunnel so they access only the 192.168.1.0/24 subnet on my LAN, while other clients are configured for a full tunnel so all traffic, including back out to the internet, is funneled through the OpenVPN tunnel. Every host on the subnet can successfully talk to each other. For years now I've had an OpenVPN server running on pfSense which works perfectly. With this configuration the pfSense LAN side, those four VMs/LXCs, the desktop PC, and any devices connected to the WiFi AP all have IP addresses on the 12.168.1.0/24 subnet. There are also three physical NICs attached to that same virtual subnet, one of which is connected directly to a WiFi access point, and one other that is directly connected to a physical NIC on a desktop PC.

I have four other Proxmox VMs/LXCs running with a virtual NIC on the same virtual subnet as the pfSense LAN NIC. I have pfSense running as a VM in Proxmox.
