Netgate Discussion Forum

    Multiple open vpn server routing help

    OpenVPN
    15 Posts 2 Posters 1.6k Views

      Mat1987

      I don't have remote networks from a client server setup.

      On my other pfSense box (Remote) I have put remote networks.

      I used the client export for the VPN client access. It connects fine and I can ping my main router IP but not the 192.168.0.0 or 192.168.1.0

        viragomann

        The point is if you can access 192.168.0.0/24 from 192.168.50.0.

          Mat1987

          From my local network 192.168.50.0 to 192.168.0.0 or 192.168.1.0 I get access.

          From a VPN client I can access 192.168.50.0 but not 192.168.0.0 or 192.168.1.0

          Mat

            viragomann

            So it seems the route to the clients tunnel subnet is missing on the remote site.
            If you have access to this vpn server, you can add it, otherwise you can do a workaround via NAT.

              Mat1987

              I do have access to the remote site and on the remote site the local ip addresses in so still puzzled

                viragomann

                So if you look in the routing table of the remote site router you can see an entry for the clients tunnel subnet 192.168.61.0/24 pointing to the clients address?

                If this is given check the rules. The access must be allowed at the vpn server in the main subnet and on the remote site.
                Try to ping the remote site router itself from the client.

                  Mat1987

                  @viragomann:

                  So if you look in the routing table of the remote site router you can see an entry for the clients tunnel subnet 192.168.61.0/24 pointing to the clients address?

                  If this is given check the rules. The access must be allowed at the vpn server in the main subnet and on the remote site.
                  Try to ping the remote site router itself from the client.

                  From the client I can't ping the remote site router.

                  Remote.PNG

                    Mat1987

                    Main Site

                    MainSite.PNG

                      viragomann

                      I can't see a route to the openvpn2 clients tunnel network at remote site.
                      So you'll have to add 192.168.61.0/24 to the "Remote Networks" in server config at remote site.

                      @Mat1987:

                      From the client I can't ping the remote site router.

                      However, this way this ping shouldn't work also as long, as.

                      Since the remote networks have broadly used subnets (192.168.0.0/24 and 192.168.1.0/24) also ensure that your client isn't within one of these subnets.

                      Edit:
                      To "Remote Networks" of course! I shouldn't hand out advice after drinking beers.  ::)

                        Mat1987

                        OK, I have added this

                        192.168.50.0/24,192.168.1.0/24,192.168.0.0/24,192.168.60.0/24,192.168.61.0/24

                        You are a legend.  How stupid do I feel.  Yes, adding the tunnel networks to the remote networks allows connection.

                        Thanks so much.  I suppose learning never hurt anyone :)

                        Mat

                        1 Reply Last reply Reply Quote 0
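
The two checks that resolved this thread, as an added example that is not part of the original posts: every source subnet needs a return route in the far side's "Remote Networks", and the roaming client's own LAN must not collide with the remote LANs. The subnets come from the thread; the `BEFORE` list and the function names are assumptions made for illustration.

```python
import ipaddress

# Subnets quoted in the thread.
MAIN_LAN = "192.168.50.0/24"
CLIENT_TUNNEL = "192.168.61.0/24"   # tunnel network of the remote-access clients
REMOTE_LANS = "192.168.0.0/24,192.168.1.0/24"
# Assumption: before the fix the remote site listed only the main LAN.
BEFORE = "192.168.50.0/24"
# The list Mat1987 posted after the fix.
AFTER = ("192.168.50.0/24,192.168.1.0/24,192.168.0.0/24,"
         "192.168.60.0/24,192.168.61.0/24")


def parse(csv):
    """Parse a comma-separated 'Remote Networks' style string."""
    return [ipaddress.ip_network(n.strip()) for n in csv.split(",") if n.strip()]


def missing_return_routes(sources, remote_networks):
    """Source subnets the far-side router cannot answer through the tunnel,
    because no 'Remote Networks' entry covers them."""
    routes = parse(remote_networks)
    return [str(s) for s in parse(sources)
            if not any(s.subnet_of(r) for r in routes)]


def colliding_lans(client_lan, remote_lans):
    """Remote LANs that overlap the network the VPN client is sitting in.
    Traffic to those addresses stays on the client's local segment."""
    client = ipaddress.ip_network(client_lan)
    return [str(r) for r in parse(remote_lans) if client.overlaps(r)]


if __name__ == "__main__":
    sources = f"{MAIN_LAN},{CLIENT_TUNNEL}"
    print("missing before fix:", missing_return_routes(sources, BEFORE))
    print("missing after fix: ", missing_return_routes(sources, AFTER))
    # Constructed case: a client on a home network using 192.168.1.0/24.
    print("collisions:", colliding_lans("192.168.1.0/24", REMOTE_LANS))
```
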
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.