[SOLVED] Unable to reach pfsense or any computer on its subnet from VPN server
-
That's not what I'm trying to do. I'm just running a an OpenVPN server, as per the docs, and the built in Google IPSec VPN won't work for what I need anyway.
I showed VPN between my gateway and and the OVPN server because the gateway is not my OVPN server, but it is the next hop from it.
-
And where do they state that is supported??
Your going to have to put a public IP on your instance that is running, not some port forward..
What is it that you need btw?? Can I fire up a google compute instance for low cost or free for testing?
I see they have a $300 60 day free trial, signing up.. So what is it exactly your wanting to accomplish?
-
And where do they state that is supported??
Your going to have to put a public IP on your instance that is running, not some port forward..
I don't want to assume it isn't.
What is it that you need btw?? Can I fire up a google compute instance for low cost or free for testing?
No but I can make one for you.
I see they have a $300 60 day free trial, signing up.. So what is it exactly your wanting to accomplish?
That's for support. An instance might only cost you $5 per month if you get the teeny tiny one.
As to second part: I need to add more subnets as well as do site-to-client (which google's VPN server doesn't do).
Currently I'm trying to get it working with a tap interface.
-
Sent you PM.
-
Well I got in in like 5 minutes
fired up an instance, wget the openvpn as package
Boom connected
-
I fixed it on my end.
Set up server for tap. Set up interface accordingly (needed to reboot as ovpn client was failing to ifconfig). Set up bridge interface with LAN and OPT1. Was able to ping vitrual IP of pfSense client from GCE server, but not pfSense's LAN IP or anything behind it.
did a # sudo ip route add 10.0.0.0/24 dev br0 on server and voila.
Not sure why it is not working with tun, maybe a bug of some sort with GCE. Not sure what you did different to get it working on your end.
-
I didn't do anything special, installed openvpn as - connected.. using TUN. I had to change the IP that was in the profile to the external IP..
-
Well I got in in like 5 minutes
fired up an instance, wget the openvpn as package
Boom connected
I had no problem connecting. Can you ping pfSense or anything behind its nat, assuming there is NAT.
(BTW, I erroneously said there was no NAT on my GCE slice earlier, but now I think it is 1:1 NAT. I'm new to all this stuff.)
-
I am routing my traffic over the connection..
What exactly are you wanting to accomplish with the vpn connection??
-
I am routing my traffic over the connection..
What exactly are you wanting to accomplish with the vpn connection??
I have a funny feeling you only breezed through my post :P
For now I have accomplished what I wanted to accomplish, which is a site-to-site VPN.
Subnets are going to be added from various physical locations with lans behind pfsense and dd-wrt (in most cases). There will be some modestly intricate routing between them. In this case, the default gateway is always the local one.
On the GCE subnet side some services will service.
There will also be client-to-server connections which will do what you are doing.
I think I would rather try and run pfSense on GCE. It appears to be possible and there is some documentation, but it involves making a KVM virtual disk and loading it into a new instance in GCE, and I don't have a spare PC with VT-d needed to build it.
See here: https://gist.github.com/mkhon/0d8867e07c6b325ae228
Who can I bribe to make one for me? Maybe I'll start a new thread later.
-
By the way: anyone trying to do what I'm doing should know that windows firewall by default blocks pings from other subnets, android phones and linux servers do not (not sure about iOS). That might have really screwed me up had I not read it in the tons of time I spent trying and failing to get tun to work.
-
So your going to have multiple machines on gce? An they are going to use this vpn machine as their gateway to your network? Can you setup the GCE networking that way for their instances?
