Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Remote Network Access, VPN Network works fine. Routing issue?

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 616 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      luthes
      last edited by

      Hey guys, I'm having an issue where I can't connect to any of my remote networks. I have no issues connecting over the VPN network though. So, per the diagram, from any of those networks I can ping the 192.168.10.0/24 network, but from any of the networks (including the 192.168.10.0/24) I can't ping the other 40, 50, and 60 networks. I had this working about a week ago, but I'm not sure what could have changed between now and then to cause it to stop.

      I've noticed some odd routing in the pfSense routing tables

      Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            73.109.128.1       UGS         em0
10.0.40.0/24       10.0.40.1          UGS      ovpns2
10.0.40.1          link#10            UHS         lo0
10.0.40.2          link#10            UH       ovpns2
10.72.8.0/24       10.72.8.1          UGS      ovpns1
10.72.8.1          link#9             UHS         lo0
10.72.8.2          link#9             UH       ovpns1
17.31.16.0/20      10.0.40.2          UGS      ovpns2
[Public Network]    link#1             U           em0
[Public IP address]     link#1             UHS         lo0
75.75.75.75        36:66:39:36:39:33  UHS         em0
75.75.76.76        36:66:39:36:39:33  UHS         em0
127.0.0.1          link#8             UH          lo0
192.168.10.0/24    link#2             U           em1
192.168.10.1       link#2             UHS         lo0
192.168.40.0/24    10.0.40.2          UGS      ovpns2
192.168.50.0/24    10.0.40.2          UGS      ovpns2

      10.0.40.2 is a client, so I'm not sure why the traffic would route from the VPN back to a client to get to the 10.0.40.2 network. Is this some kind of loop? I'm not sure.

      My configs are posted below, with sensitive information redacted.

      
#Server Configuration
dev ovpns2
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local [Public IP Address]
tls-server
server 10.0.40.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
ifconfig 10.0.40.1 10.0.40.2
lport 1195
management /var/etc/openvpn/server2.sock unix
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.40.0 255.255.255.0"
push "route 17.31.16.0 255.255.240.0"
push "route 192.168.50.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
route 192.168.40.0 255.255.255.0
route 17.31.16.0 255.255.240.0
route 192.168.50.0 255.255.255.0
ca /var/etc/openvpn/server2.ca 
cert /var/etc/openvpn/server2.cert 
key /var/etc/openvpn/server2.key 
dh /etc/dh-parameters.1024
topology subnet


      
#School Server Configuration
client
dev tun
proto udp
remote [hoistname] 1195
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\AD+Certificate+Authority.crt"
cert "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.crt"
key "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.key"
remote-cert-tls server
cipher AES-128-CBC
verb 3

      *Note: Site C Should have a VPN Address of 10.0.40.3

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.