Netgate Discussion Forum

    No Remote Network Access, VPN Network works fine. Routing issue?

    luthes

      Hey guys, I'm having an issue where I can't connect to any of my remote networks. I have no issues connecting over the VPN network though. So, per the diagram, from any of those networks I can ping the 192.168.10.0/24 network, but from any of the networks (including the 192.168.10.0/24) I can't ping the other 40, 50, and 60 networks. I had this working about a week ago, but I'm not sure what could have changed between now and then to cause it to stop.

      I've noticed some odd routing in the pfSense routing tables:

      Routing tables
      
      Internet:
      Destination        Gateway            Flags      Netif Expire
      default            73.109.128.1       UGS         em0
      10.0.40.0/24       10.0.40.1          UGS      ovpns2
      10.0.40.1          link#10            UHS         lo0
      10.0.40.2          link#10            UH       ovpns2
      10.72.8.0/24       10.72.8.1          UGS      ovpns1
      10.72.8.1          link#9             UHS         lo0
      10.72.8.2          link#9             UH       ovpns1
      17.31.16.0/20      10.0.40.2          UGS      ovpns2
      [Public Network]    link#1             U           em0
      [Public IP address]     link#1             UHS         lo0
      75.75.75.75        36:66:39:36:39:33  UHS         em0
      75.75.76.76        36:66:39:36:39:33  UHS         em0
      127.0.0.1          link#8             UH          lo0
      192.168.10.0/24    link#2             U           em1
      192.168.10.1       link#2             UHS         lo0
      192.168.40.0/24    10.0.40.2          UGS      ovpns2
      192.168.50.0/24    10.0.40.2          UGS      ovpns2

      10.0.40.2 is a client, so I'm not sure why the traffic would route from the VPN back to a client to get to the 10.0.40.2 network. Is this some kind of loop? I'm not sure.

      My configs are posted below, with sensitive information redacted.

      #Server Configuration
      dev ovpns2
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun2
      writepid /var/run/openvpn_server2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local [Public IP Address]
      tls-server
      server 10.0.40.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server2
      ifconfig 10.0.40.1 10.0.40.2
      lport 1195
      management /var/etc/openvpn/server2.sock unix
      push "route 192.168.10.0 255.255.255.0"
      push "route 192.168.40.0 255.255.255.0"
      push "route 17.31.16.0 255.255.240.0"
      push "route 192.168.50.0 255.255.255.0"
      route 192.168.10.0 255.255.255.0
      route 192.168.40.0 255.255.255.0
      route 17.31.16.0 255.255.240.0
      route 192.168.50.0 255.255.255.0
      ca /var/etc/openvpn/server2.ca
      cert /var/etc/openvpn/server2.cert
      key /var/etc/openvpn/server2.key
      dh /etc/dh-parameters.1024
      topology subnet
      #School Server Configuration
      client
      dev tun
      proto udp
      remote [hostname] 1195
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca "C:\\Program Files\\OpenVPN\\config\\AD+Certificate+Authority.crt"
      cert "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.crt"
      key "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.key"
      remote-cert-tls server
      cipher AES-128-CBC
      verb 3

      *Note: Site C should have a VPN address of 10.0.40.3.
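      A quick audit of the situation shown in the post, added here as an example and not code from the post or from pfSense: OpenVPN installs a kernel route for every server-side `route` directive via the tunnel peer address (10.0.40.2 above), but it only forwards packets for that network to a client whose client-config-dir file claims it with a matching `iroute`. The script below reads the `route` lines from the server configuration above, compares them with an assumed set of client-config-dir files (the common names and `iroute` contents are constructed), and reports every remote network that no client claims.

```python
import re
from ipaddress import ip_network

# Routing-related lines copied from the server configuration in the post.
SERVER_CONF = """\
server 10.0.40.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
route 192.168.10.0 255.255.255.0
route 192.168.40.0 255.255.255.0
route 17.31.16.0 255.255.240.0
route 192.168.50.0 255.255.255.0
"""

# Constructed stand-in for the client-config-dir: client common name -> file text.
# The common name is an assumption; only one site LAN has an iroute here on purpose.
CSC_FILES = {
    "AD+Client+Cert+School": "iroute 192.168.40.0 255.255.255.0\n",
}

def directives(text, name):
    """Return ip_network objects for every '<name> <network> <netmask>' config line."""
    pat = re.compile(r"^\s*%s\s+(\S+)\s+(\S+)" % re.escape(name), re.M)
    return [ip_network(f"{net}/{mask}") for net, mask in pat.findall(text)]

def audit_routes(server_conf, csc_files, local_lans=("192.168.10.0/24",)):
    """Map each server 'route' network to the client whose CSC file claims it with 'iroute'.

    Networks on the server's own side (local_lans, assumed to be the pfSense LAN) are
    skipped because they need no iroute. A value of None means the kernel will hand
    packets to the tunnel but OpenVPN has no client to deliver them to."""
    local = {ip_network(n) for n in local_lans}
    owners = {}
    for common_name, text in csc_files.items():
        for net in directives(text, "iroute"):
            owners[net] = common_name
    return {str(net): owners.get(net)
            for net in directives(server_conf, "route") if net not in local}

def unclaimed_routes(server_conf, csc_files):
    """Remote networks that have a server 'route' but no client 'iroute' (unreachable)."""
    return sorted(n for n, cn in audit_routes(server_conf, csc_files).items() if cn is None)

if __name__ == "__main__":
    for net, common_name in audit_routes(SERVER_CONF, CSC_FILES).items():
        print(f"{net:18} -> {common_name or 'no iroute in any CSC file: unreachable'}")
```

      To run it against a live box, replace CSC_FILES with the contents of the directory named by client-config-dir and keep local_lans in step with the server's own interfaces.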

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.