Routing remote access (OVPN) to peer-to-peer (OVPN) subnet
-
Hi,
I have issues with routing IP packets from/to OVPN remote access to OVPN peer-to-peer subnet.
Net infra: I have, in two different locations, Netgate pfSense+ (21.05.1) with subnets .5.x and .10.x. Between those I have a peer-to-peer VPN (10.10.1.0 OVPN).
Then I have a remote access VPN (OVPN 10.0.10.0) connected to the .5.x subnet.
Both VPNs are working properly, but when I need to connect to a server (located in the .10.x subnet) it does not work from the remote access VPN (.5.x subnet). I tried to set up DNS, gateways, static routes, FW (rules/port forward) in the proper way, but packets still aren't routed from the remote access VPN to the .10.x subnet....
After investigating packet routing I'm almost 100% sure that packets from remote access are routed to WAN (.1.1, gateway to out), not the .10.x subnet. Why?
Any help to solve this issue?
-
@teppote
All the routing should be done in OpenVPN. So don't set static routes to VPN endpoints! For clarity, please provide your true internal networks with mask. There is no need to hide private IPs, since nobody can reach them from outside.
In your case, if .10.x = 10.0.10.0/24, you will have a conflict with OVPN 10.0.10.0, which would explain the routing problem.
-
Thanks!
I'll check the situation according to your advice.
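
The address conflict raised in the reply above, as an added example that is not part of the original thread: a small Python check that finds overlapping prefixes in an address plan and, going one step beyond the reply, lists LAN or tunnel prefixes that an OpenVPN instance has no route for. The /24 masks, every LAN prefix and the route lists are constructed assumptions; only the tunnel networks 10.10.1.0 and 10.0.10.0 come from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed plans. Only the two tunnel networks are from the thread;
# the /24 masks and the LAN prefixes are assumptions for illustration.
CONFLICT_PLAN = {            # the reply's hypothetical: .10.x is 10.0.10.0/24
    "lan_a": "10.0.5.0/24",
    "lan_b": "10.0.10.0/24",
    "p2p_tunnel": "10.10.1.0/24",
    "ra_tunnel": "10.0.10.0/24",
}
CLEAN_PLAN = {               # same tunnels, LANs moved out of the way
    "lan_a": "192.168.5.0/24",
    "lan_b": "192.168.10.0/24",
    "p2p_tunnel": "10.10.1.0/24",
    "ra_tunnel": "10.0.10.0/24",
}

def find_overlaps(plan):
    """Return (name_a, name_b) pairs whose prefixes overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def missing_routes(needed, configured):
    """Return the needed prefixes not covered by any configured prefix."""
    conf = [ipaddress.ip_network(c) for c in configured]
    return [n for n in needed
            if not any(ipaddress.ip_network(n).subnet_of(c) for c in conf)]

if __name__ == "__main__":
    for label, plan in (("conflict", CONFLICT_PLAN), ("clean", CLEAN_PLAN)):
        print(label, "overlaps:", find_overlaps(plan))

    # Remote access server: prefixes its clients must be able to reach,
    # against the prefixes it announces to them (constructed list).
    ra_needed = [CLEAN_PLAN["lan_a"], CLEAN_PLAN["lan_b"]]
    ra_local_networks = ["192.168.5.0/24"]
    print("RA server lacks:", missing_routes(ra_needed, ra_local_networks))

    # Far side of the peer-to-peer tunnel: it needs a return route for the
    # remote access tunnel network as well as for the other LAN.
    b_needed = [CLEAN_PLAN["lan_a"], CLEAN_PLAN["ra_tunnel"]]
    b_remote_networks = ["192.168.5.0/24"]
    print("Site B lacks:", missing_routes(b_needed, b_remote_networks))
```
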