I'm running a Netgate SG-5100 pfSense firewall (2.4.5-RELEASE-p1). When I connect to the OpenVPN connection, I can reach MOST IPs in the LAN, but not all. The VPN is set up to give out 10.0.8.0/24 to the VPN client, and route that over to 10.0.0.0/24 (the internal LAN).
If it was the entire LAN, I'd know where to start, but since it is only certain IPs, I'm at a loss. For example:
I'm running Hyper-V on a Windows 2019 server, hosting Windows 7 Pro guests. All the VMs have static IPs in the 10.0.0.0 network. All guests can be reached from any computer attached to the LAN switch, and the pfSense firewall can also reach them all. Certain guests, however, cannot be reached when I'm connected to the OpenVPN. Initially it seemed like it was an IPv6 issue (if the guest had the gateway set to the pfSense IPv6 address, it would usually fail through the VPN, but if I turned off IPv6 on the VM it was more likely to succeed).
The problem is that it is not consistent, and that trick does not always work. It's almost like the pfSense is registering the individual IPs in its lookup table and sometimes fails to register or loses one, but it only affects the VPN routes.
VPN Config:
Server Mode: Remote Access (SSL/TLS +User Auth)
Protocol: UDP on IPv4 only
Device mode: tun - Layer 3 Tunnel Mode
Interface: WAN
Local Port: 1194
IPv4 Tunnel Network: 10.0.8.0/24
IPv6 Tunnel Network: <blank>
Redirect IPv4 Gateway: [NOT CHECKED] Force all client-generated IPv4 traffic through the tunnel
IPv4 Local network: 10.0.0.1/24
Inter-client communication: [NOT CHECKED] Allow communication between clients connected to this server
Dynamic IP: [X] Allow connected clients to retain their connections if their IP changes
Topology: Subnet - One IP address per client in a common subnet
He who fights dragons too long becomes a dragon himself; gaze too long into the abyss, and the abyss gazes back into you…
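One thing worth checking on each guest, given the symptom that LAN neighbours and the firewall itself can reach every VM but a VPN client cannot: a LAN host talks to the guest on-link with no routing involved, whereas a reply to a 10.0.8.x VPN client has to leave the guest via its IPv4 default gateway (10.0.0.1 on the pfSense, per the config above). A guest with no IPv4 gateway, a gateway other than the pfSense, or a netmask wide enough that it believes 10.0.8.0/24 is on-link will be reachable from the LAN yet silently fail from the VPN. The script below is an added example, not from the post or from pfSense; the guest records are constructed, and the idea that guest gateway/netmask settings explain the asymmetry is a hypothesis to test, not a confirmed cause.

```python
import ipaddress

# Values taken from the post's OpenVPN settings
PFSENSE_LAN_IP = ipaddress.ip_address("10.0.0.1")       # IPv4 Local network 10.0.0.1/24
LAN_NET = ipaddress.ip_network("10.0.0.0/24")
VPN_NET = ipaddress.ip_network("10.0.8.0/24")            # IPv4 Tunnel Network


def can_reply_to_vpn(guest_ip, guest_mask, guest_gw,
                     lan_net=LAN_NET, vpn_net=VPN_NET, firewall_ip=PFSENSE_LAN_IP):
    """Return (ok, reason) for whether a LAN guest's IPv4 settings let it
    send a reply back to an OpenVPN client in vpn_net.

    guest_mask is a dotted mask or prefix length; guest_gw may be None.
    """
    iface = ipaddress.ip_interface(f"{guest_ip}/{guest_mask}")
    if iface.ip not in lan_net:
        return (False, f"{iface.ip} is not in the LAN {lan_net}")

    # A netmask that is too wide (e.g. 255.0.0.0) makes the guest believe the
    # VPN client is on-link: it ARPs for 10.0.8.x instead of using the gateway,
    # and the reply never leaves the LAN segment.
    if iface.network.overlaps(vpn_net):
        return (False, f"netmask {iface.network.netmask} makes {vpn_net} look on-link; "
                       "guest will ARP for the VPN client instead of routing")

    # LAN peers are on-link, so they work without any gateway; the VPN client
    # is off-link, so a missing gateway only shows up as VPN-side failures.
    if guest_gw is None:
        return (False, "no IPv4 default gateway; off-link replies to the VPN are dropped")

    gw = ipaddress.ip_address(guest_gw)
    if gw not in iface.network:
        return (False, f"gateway {gw} is not on-link for {iface.network}")

    if gw != firewall_ip:
        # Not necessarily broken, but that router must itself know how to
        # reach vpn_net (normally via the pfSense); flag it for verification.
        return (False, f"gateway {gw} is not the pfSense LAN address {firewall_ip}; "
                       f"confirm it has a route to {vpn_net}")

    return (True, "ok")


def audit(guests):
    """guests: iterable of (name, ip, mask, gateway). Returns {name: reason}
    for every guest whose IPv4 settings would break replies to VPN clients."""
    problems = {}
    for name, ip, mask, gw in guests:
        ok, reason = can_reply_to_vpn(ip, mask, gw)
        if not ok:
            problems[name] = reason
    return problems


# Constructed sample inventory (hypothetical guests, not from the post)
SAMPLE_GUESTS = [
    ("vm-good",      "10.0.0.50", "255.255.255.0", "10.0.0.1"),
    ("vm-widemask",  "10.0.0.51", "255.0.0.0",     "10.0.0.1"),
    ("vm-nogateway", "10.0.0.52", "255.255.255.0", None),
    ("vm-othergw",   "10.0.0.53", "255.255.255.0", "10.0.0.254"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_GUESTS).items():
        print(f"{name}: {reason}")
```

On a real guest the inputs come from `ipconfig /all` (IPv4 Address, Subnet Mask, Default Gateway); the same off-link reasoning applies to the IPv6 gateway the post mentions if the VPN ever pushes IPv6 routes, but with the IPv6 tunnel network blank it does not here.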