Issue:
Managed switch at 192.168.1.2 was reachable via ARP but showed every port as "filtered" in Nmap scans run over OpenVPN. The switch's default gateway was misconfigured as 192.168.1.254 instead of 192.168.1.1, creating a routing dead end: the switch could receive packets from the 10.8.0.0/24 VPN subnet, but its replies were handed to a gateway that could not route them back, so nothing ever returned to the scanner.
Temporary Resolution (VPN):
Implemented a hybrid outbound NAT rule in pfSense on the LAN interface. This masqueraded VPN traffic as coming from the LAN interface IP (192.168.1.1), so the switch saw an on-link source and replied directly to it instead of trying to route through its broken gateway. Once GUI access was gained, the switch's system default gateway was corrected to 192.168.1.1 and saved to flash.
Resolution:
Update the switch's default gateway to the correct address. In this case it was changed from 192.168.1.254 to 192.168.1.1.
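To make the failure mode concrete, here is an added Python model (not part of the original post, and not pfSense or switch code) of the host routing decision the switch makes when it replies. It uses constructed lab values mirroring the post (switch 192.168.1.2/24, pfSense LAN 192.168.1.1, scanner on 10.8.0.0/24, wrong gateway 192.168.1.254) and assumes pfSense is the only device on the LAN that forwards packets. It shows why a probe from the VPN gets no reply with the wrong gateway, why masquerading the probe as 192.168.1.1 works around it, and includes a small gateway sanity check that would flag the misconfiguration before a scan ever looked "filtered".

```python
import ipaddress

# Constructed lab values mirroring the post (not taken from any real device):
SWITCH_IF = ipaddress.ip_interface("192.168.1.2/24")   # managed switch
PFSENSE_LAN = ipaddress.ip_address("192.168.1.1")       # correct default gateway
WRONG_GW = ipaddress.ip_address("192.168.1.254")        # misconfigured default gateway
VPN_SCANNER = ipaddress.ip_address("10.8.0.5")          # Nmap host on the OpenVPN subnet
# Assumption: pfSense is the only host on the LAN that forwards packets.
LIVE_ROUTERS = frozenset({PFSENSE_LAN})


def reply_next_hop(switch_if, gateway, dst):
    """Address the switch will ARP for when replying to dst (host routing decision)."""
    if dst in switch_if.network:
        return dst          # on-link: deliver directly
    return gateway          # off-link: hand the packet to the default gateway


def reply_delivered(switch_if, gateway, dst, live_routers):
    """True if the switch's reply reaches either dst itself or a router that can forward it."""
    hop = reply_next_hop(switch_if, gateway, dst)
    return hop == dst or hop in live_routers


def nmap_view(switch_if, gateway, scanner, live_routers, nat_source=None):
    """What the scanner observes for a probe the switch actually receives.

    nat_source: the address the probe is masqueraded as (the pfSense outbound
    NAT workaround). None means the probe carries the scanner's real VPN address.
    A probe that never gets a reply is what Nmap reports as "filtered".
    """
    seen_src = nat_source if nat_source is not None else scanner
    delivered = reply_delivered(switch_if, gateway, seen_src, live_routers)
    return "responds" if delivered else "filtered"


def gateway_problems(switch_if, gateway, live_routers):
    """Sanity-check a device's default gateway against its own subnet and known routers."""
    problems = []
    if gateway not in switch_if.network:
        problems.append(f"gateway {gateway} is outside {switch_if.network}")
    elif gateway not in live_routers:
        problems.append(f"no router answers at {gateway}")
    return problems


if __name__ == "__main__":
    print("wrong gateway, no NAT :", nmap_view(SWITCH_IF, WRONG_GW, VPN_SCANNER, LIVE_ROUTERS))
    print("wrong gateway, NAT    :", nmap_view(SWITCH_IF, WRONG_GW, VPN_SCANNER, LIVE_ROUTERS,
                                               nat_source=PFSENSE_LAN))
    print("fixed gateway, no NAT :", nmap_view(SWITCH_IF, PFSENSE_LAN, VPN_SCANNER, LIVE_ROUTERS))
    print("gateway check         :", gateway_problems(SWITCH_IF, WRONG_GW, LIVE_ROUTERS))
```

The model only covers replies to probes the switch receives; ARP still works in the broken state because it is link-local and never consults the default gateway, which is exactly why the switch looked alive to ARP yet "filtered" to every TCP probe.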