OpenVPN and RV50 Sierra Wireless
-
The OpenVPN settings on the RV50 Sierra Wireless router are very limited and don't have all the options that the client tab has in PFSense.
For PFSense OpenVPN, am I supposed to connect using Peer to Peer (shared key) or Peer to Peer SSL/TLS? This is for a Site to Site kind of VPN Setup.
For Peer to Peer Shared key, it doesn't look like there is any way to put in the IPv4 Remote networks in the RV50:
https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site
However, for Peer to Peer (SSL/TLS), the IPv4 Remote networks are pushed to the client via an iroute:
https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)
Is Peer to Peer (SSL/TLS) setup the only way the RV50 OpenVPN will work? Right now PFSense cannot ping the RV50 OpenVPN clients and vice versa. It indicates to me some kind of routing issue.
I know that the Roadwarrior setup doesn't work either.
-
On Pfsense Server to Pfsense Client, the configuration to make Peer to Peer (SSL/TLS) is quite clear. However, if we use the Sierra Wireless RV50 OpenVPN client, this isn't so clear.
I have gotten the PFSense Peer to Peer (SSL/TLS) setup to work and connect successfully with the RV50 OpenVPN client. However, not much is routable to the VPN tunnel it seems.
-From the RV50 Ethernet DHCP Addresses I can ping the OpenVPN Client Tunnel IP (10.0.8.2). However, I cannot ping anything else on the 10.0.8.0/24 tunnel network. I believe the PFSense OpenVPN server gets a Tunnel IP (10.0.8.1), which I cannot ping or vice versa.
-From RV50 Ethernet DHCP Addresses I cannot ping any local LAN networks on the PFSense OpenVPN server through the VPN tunnel.
-From PFSense OpenVPN server, I cannot ping any Remote LAN networks on the RV50 through the VPN tunnel.
Do I need to add a policy route? Is there any special routing or firewall settings on the RV50 that I need to add?
There doesn't seem to be a route from the Ethernet port to anything through the VPN tunnel, except for the tunnel client itself. How to force all local host traffic through the Tunnel?
Any help would be appreciated figuring out what needs to be changed on the RV50.
-
Okay I figured out the issue. The OpenVPN server has to match the RV50 OpenVPN Client advanced settings verbatim. In my case the RV50 OpenVPN advanced settings are such:
Tunnel-MTU: 1500
MSS Fix: 1400
Fragment: 1300
Thus, the PFSense OpenVPN server needs the exact same settings. Under OpenVPN -> select server -> Advanced Configuration I added the following:
tun-mtu 1500;mssfix 1400;fragment 1300
Once I put in the above settings, voila everything is pingable!
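A way to check this match before bringing the tunnel up, as an added example that is not part of the original post: it parses the pfSense Advanced Configuration string and the RV50 values quoted above and reports every explicitly set link option that differs. The function names and the label-to-directive mapping are assumptions made for illustration.

```python
# Added example: compare link-affecting OpenVPN options on both tunnel ends.
# The three directives are the ones named in the post above.
LINK_OPTIONS = ("tun-mtu", "mssfix", "fragment")

# RV50 GUI label -> OpenVPN directive (mapping assumed from the post's wording)
RV50_LABELS = {"Tunnel-MTU": "tun-mtu", "MSS Fix": "mssfix", "Fragment": "fragment"}


def parse_directives(text):
    """Parse link options from OpenVPN config text or from a pfSense
    'Advanced Configuration' string (semicolon-separated statements)."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # whole-line comment
            continue
        for stmt in line.split(";"):
            parts = stmt.split("#", 1)[0].split()
            if len(parts) > 1 and parts[0] in LINK_OPTIONS:
                found[parts[0]] = int(parts[1])
    return found


def parse_rv50(text):
    """Parse 'Label: value' lines as copied from the RV50 settings page."""
    found = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip() in RV50_LABELS:
            found[RV50_LABELS[label.strip()]] = int(value.strip())
    return found


def mismatches(server, client):
    """Return {directive: (server_value, client_value)} for every difference.
    None means the directive is not set explicitly on that side."""
    return {opt: (server.get(opt), client.get(opt))
            for opt in LINK_OPTIONS if server.get(opt) != client.get(opt)}


if __name__ == "__main__":
    rv50 = parse_rv50("Tunnel-MTU: 1500\nMSS Fix: 1400\nFragment: 1300")
    before = parse_directives("dev tun\nproto udp\n")  # constructed: no overrides
    after = parse_directives("tun-mtu 1500;mssfix 1400;fragment 1300")
    print("before:", mismatches(before, rv50))
    print("after: ", mismatches(after, rv50))
```

An empty result means the server string carries the same three values as the RV50 page; any entry names the directive to correct on the server.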
-
tun-mtu 1500;mssfix 1400;fragment 1300;
Thanks axelf911, that worked for me.
Now, I also connect into my pfSense Server via OpenVPN; and would like to be able to route back to the RV50.
I have an identical config that allows me to route to another 4G OpenVPN device (H685-OpenWRT) - but I can't do it to the RV50.
Do I have a mismatch?