Netgate Discussion Forum

Create an Outbound route - Client to Site

OpenVPN
  • C
    chlfigueiredo
    last edited by Dec 9, 2023, 5:23 PM


    Hello everyone, I have my first real project and I'm having difficulty finishing it, but they are already charging me. If anyone can help me, I'll be very grateful. I'll describe the scenario below:

    [ The client who hired me has a partnership with a clinic that provides an application for them to use, but the clinic does not allow them to access it directly in their environment. For this reason I had to create an IPsec VPN to access the application's shared location. ]

    I configured an IPsec tunnel in the environment to connect the client with the clinic. All employees within the network are working normally via the IPsec VPN. However, my client has employees who work from home, so I created an OpenVPN connection so that they connect to pfSense, which is also working, but they cannot access the clinic's application.

    I'm not able to configure this route so that employees who are connected via OpenVPN can use the clinic's application, which is a host that has a shared folder at IP 192.168.20.15. Can anyone help me?

    • V
      viragomann @chlfigueiredo
      last edited by Dec 9, 2023, 5:35 PM

      @chlfigueiredo
      Add 192.168.20.15/32 to the "local networks" in the OpenVPN server settings.
      Then add an additional IPsec phase 2 to both endpoints for the OpenVPN access server tunnel network.

      • C
        chlfigueiredo @viragomann
        last edited by Dec 9, 2023, 6:03 PM

        @viragomann
        Hi Viragomann, I'm sorry, would the first one be to create a rule in the OpenVPN tab, and would the second be what is in the image below?

        • V
          viragomann @chlfigueiredo
          last edited by Dec 9, 2023, 6:45 PM

          @chlfigueiredo
          I was talking about an OpenVPN server setting as mentioned.
          The access must also be permitted by the firewall naturally.

          • C
            chlfigueiredo @viragomann
            last edited by Dec 9, 2023, 6:56 PM

            @viragomann

            viragomann thank you very much, it worked here... it's already working

            • J
              JKnott @chlfigueiredo
              last edited by Dec 9, 2023, 9:39 PM

              @chlfigueiredo said in Create an Outbound route - Client to Site:

              which is a host that has a shared folder at IP 192.168.20.15

              That's a problem, as you appear to use the same subnet on the right-hand LAN. When doing routing like this, you have to examine it from the perspective of the source. How does it reach the destination? In your example, it has the left pfSense for the default route, which is fine, as it should know the route to the right-hand network, and it would if you didn't use the same subnet in two locations. The routers don't know which way to send packets for that subnet.

              PfSense running on Qotom mini PC
              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
              UniFi AC-Lite access point

              I haven't lost my mind. It's around here...somewhere...

              • J
                JKnott @viragomann
                last edited by Dec 9, 2023, 9:45 PM

                @viragomann said in Create an Outbound route - Client to Site:

                Add 192.168.20.15/32 to the "local networks" in the OpenVPN server settings.

                How does the right side network know how to reach that user? This is a perfect example of why using the same subnet for 2 networks is a bad idea.

                BTW, several years ago I used to do a lot of travelling with my work. I'd find myself in a hotel somewhere, unable to reach my home network, as it was the same subnet as the hotel. After running into that a couple of times, I decided to move my home network to 172.16.0.0/24, as I had only once seen anything in 172.16 used elsewhere.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...
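
The two steps from viragomann's answer and the overlap concern JKnott raises can be checked together before touching pfSense. The following is an added example, not code from any poster or from Netgate: it derives the route that a "local networks" entry pushes to OpenVPN clients, the mirrored selectors for the extra IPsec phase 2, and flags overlapping subnets. The function name and every address except 192.168.20.15 are assumptions, as is using the single host as the phase 2 selector.

```python
import ipaddress

def plan_vpn_access(office_lan, ovpn_tunnel, clinic_net, app_host):
    """Derive the OpenVPN push route and the extra IPsec phase 2 selectors,
    and report address overlaps that would make routing ambiguous."""
    lan = ipaddress.ip_network(office_lan)
    tun = ipaddress.ip_network(ovpn_tunnel)
    clinic = ipaddress.ip_network(clinic_net)
    host = ipaddress.ip_network(app_host)  # a single host is a /32

    problems = []
    if not host.subnet_of(clinic):
        problems.append(f"{host} is not inside clinic network {clinic}")
    # Every network must be distinct from the others, or a router cannot
    # tell which direction a packet for that prefix belongs to.
    named = [("office LAN", lan), ("OpenVPN tunnel", tun), ("clinic", clinic)]
    for i, (name_a, net_a) in enumerate(named):
        for name_b, net_b in named[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    return {
        # What a "local networks" entry becomes for connecting clients.
        "push": f'push "route {host.network_address} {host.netmask}"',
        # Additional phase 2, mirrored on the two IPsec endpoints
        # (assumption: the selector is the single application host).
        "phase2_office": {"local": str(tun), "remote": str(host)},
        "phase2_clinic": {"local": str(host), "remote": str(tun)},
        "problems": problems,
    }

if __name__ == "__main__":
    # Constructed addressing; only 192.168.20.15 comes from the thread.
    ok = plan_vpn_access("192.168.10.0/24", "10.8.0.0/24",
                         "192.168.20.0/24", "192.168.20.15/32")
    clash = plan_vpn_access("192.168.20.0/24", "10.8.0.0/24",
                            "192.168.20.0/24", "192.168.20.15/32")
    for label, plan in (("distinct subnets", ok), ("same subnet", clash)):
        print(label, plan["push"], plan["phase2_office"], plan["problems"])
```

An empty `problems` list only says the addressing is unambiguous; firewall rules on the OpenVPN and IPsec interfaces still have to permit the traffic.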

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.