Netgate Discussion Forum

    Openvpn client IP

      viragomann

      Why are you running such an old pfSense version?

      What about the compression settings? The protocol says it's set on one site but not on the other site.

      @angelbit:

      Also, when we configure a /30 [192.168.104.0/30] instead of /24, session could not be enabled because:

      In 2.2.6 the topology is set to /30 by default on the VPN server, as far as I remember. That would not work together with a /30 tunnel network. You may try to set the topology to "subnet"; maybe this helps.

        angelbit

        Hello,

        Thanks, viragomann, for your quick answer.

        Yes, we are using an old version of pfsense; we want to upgrade it soon.

        On the other hand, we tried to use a subnet, like /30 (ovpn not working, with the errors of the last reply); /29 gives the same IPs. We tried to use a /25 with 192.168.104.128, and pfsense gets 192.168.104.129 and mikrotik gets 192.168.104.134. So we get the same issue.

        About compression, we disabled it, but we got some errors (LZO compression issues), so we enabled it again with "No preference".

        Regards,
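
The addresses reported in the two posts above can be reproduced with a short model of how an OpenVPN server hands out tunnel addresses under `net30` and `subnet` topology. This is an added example, not part of the thread and not OpenVPN or pfSense code; the function name `allocate` and the one-/30-block-per-peer model are assumptions made for illustration.

```python
import ipaddress
from itertools import islice


def allocate(tunnel_network, topology, clients=1):
    """Model the tunnel addresses an OpenVPN server hands out.

    Simplified model (assumption, not OpenVPN source code):
      subnet - server takes the first host address, clients the next ones.
      net30  - the tunnel network is cut into /30 blocks; the server uses
               the first block, every client consumes a whole block and
               gets the second host address in it.
    """
    net = ipaddress.ip_network(tunnel_network)
    if topology == "subnet":
        hosts = [str(h) for h in islice(net.hosts(), clients + 1)]
        return {"server": hosts[0], "clients": hosts[1:]}
    if topology == "net30":
        if net.prefixlen > 30:
            # Not even one /30 block fits.
            return {"server": None, "clients": []}
        blocks = list(islice(net.subnets(new_prefix=30), clients + 1))
        return {
            "server": str(blocks[0][1]),
            # Fewer blocks than peers means some clients get no address.
            "clients": [str(b[2]) for b in blocks[1:]],
        }
    raise ValueError(f"unknown topology: {topology}")


if __name__ == "__main__":
    # Tunnel networks taken from the thread.
    cases = [
        ("192.168.104.0/30", "net30"),     # no block left for a client
        ("192.168.104.0/29", "net30"),     # client ends up on .6
        ("192.168.104.128/25", "net30"),   # server .129, client .134
        ("192.168.204.0/24", "subnet"),    # server .1, client .2
    ]
    for network, topology in cases:
        print(network, topology, allocate(network, topology))
```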

          viragomann

          Are you running the server in shared key mode??

            angelbit

            Hello,

            Finally, I installed a VPS with the latest version of pfsense, and if I choose Topology => Subnet, we get the correct IP!

            One issue solved, thank you viragomann.

            The problem is that we have the same behaviour,

            • From the pfsense private network I CAN NOT ping or access the mikrotik private network

            • From the mikrotik private network I CAN ping or access the pfsense private network

            :(

            Regards,

              viragomann

              Are both the pfSense and the MikroTik the default gateways in their local networks?

              Can you ping from pfSense (Diagnostic > Ping) to the remote LAN and vice versa?

              Are the routes correct on both sites?

              Have you set firewall rules to allow the access?

                angelbit

                Hello,

                ******** PFsense ***********

                [2.3.4-RELEASE][admin@pfSenseTest.localdomain]/root: netstat -rn4
                Routing tables

                Internet:
                Destination        Gateway            Flags      Netif Expire
                default            77.ZZZ.YYY.1       UGS        em0
                77.ZZZ.YYY.0/25    link#1             U          em0
                77.ZZZ.YYY.XX      link#1             UHS        lo0
                127.0.0.1          link#6             UH         lo0
                192.168.0.0/24     link#2             U          em1
                192.168.0.1        link#2             UHS        lo0
                192.168.4.0/24     192.168.204.2      UGS        ovpns1
                192.168.204.0/24   192.168.204.2      UGS        ovpns1
                192.168.204.1      link#7             UHS        lo0
                192.168.204.2      link#7             UH         ovpns1

                No firewall rules, only accept all for all interfaces (OpenVPN, WAN, LAN)

                ********** MIKROTIK *************

                [admin@MikroTik] > ip route print
                Flags: X - disabled, A - active, D - dynamic,
                C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
                B - blackhole, U - unreachable, P - prohibit
                #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
                1 ADS  0.0.0.0/0                          10.0.70.1                 1
                2 A S  10.0.0.0/8                         ovpn_pfsensetest          1
                3 ADC  10.0.70.0/24       10.0.70.197     ether2-router-i…          0
                4 ADC  10.250.250.0/24    10.250.250.1    ether24-gestio            0
                5 ADS  192.168.0.0/23                     192.168.204.1             1
                6  DC  192.168.4.0/24     192.168.4.254   ether10-oficina         255
                7   S  192.168.104.0/24                   192.168.104.1             1
                8 ADC  192.168.204.1/32   192.168.204.2   ovpn_pfsensetest          0

                • 10.0.70.X is the network that does NAT to connect to the internet.

                No firewall rule in mikrotik, only to accept all, forward, input and output.


                My current behaviour is:

                (1) I can ping from mikrotik to pfsense (192.168.204.1)
                (2) I can ping from mikrotik to pfsense private network (192.168.0.0/24)
                (3) I can ping from mikrotik private network (192.168.4.0/24) to pfsense (192.168.204.1)
                (4) I can ping from mikrotik private network (192.168.4.0/24) to pfsense private network (192.168.0.0/24)

                (5) I can ping from pfsense to mikrotik (192.168.204.2)
                (6) I can NOT ping from pfsense to mikrotik private network (192.168.4.0/24)
                (7) I can ping from pfsense private network (192.168.0.0/24) to mikrotik (192.168.204.2)
                (8) I can NOT ping from pfsense private network (192.168.0.0/24) to mikrotik private network (192.168.4.0/24)

                I tried NAT issues, open firewall,…

                Also, I did a torch in mikrotik and a tcpdump in pfsense, and pfsense can see an ICMP packet, but it never arrives in mikrotik (on points 6 and 8).

                Any idea? What is wrong?

                Regards,

                  viragomann

                  So all routes are set fine and working well. This is shown by point (4).

                  @angelbit:

                  Also, I did a torch in mikrotik and a tcpdump in pfsense, and pfsense can see an ICMP packet, but it never arrives in mikrotik (on points 6 and 8).

                  Where have you checked this? On the VPN interface or on LAN?
                  If you see the packets on the pfSense VPN interface, they also have to be there on the mikrotik's VPN interface. If you can't see them on LAN, they're blocked by mikrotik.

                    angelbit

                    I did the torch on the VPN interface of mikrotik.

                      viragomann

                      Are you running multiple VPN instances (servers + clients) on pfSense?

                        angelbit

                        Yes, we want to use one ovpn for client, and right now we have 3 clients. (Each client uses its own network, for example client 2 => 192.168.2.0/24, client 3 => 192.168.3.0/24, and so on.)

                          viragomann

                          Man, that has to be mentioned!

                          So you're running 3 OpenVPN servers and the routing table above is not complete?

                          In this case you have to assign an interface to each vpn server/client running on pfSense. Interfaces > assign.
                          Under "Available network ports" select the VPN instance and click Add. Then open the newly added interface, enable it and set a description.
                          After that you get an additional firewall rule tab for each of these interfaces. If you want, you may define your firewall rules there for the respective connections; however, they could also stay on the OpenVPN tab, but not on both tabs, to avoid confusion.

                            lukasz.s

                            Hi guys

                            My situation and configuration are the same as user angelbit described, but for now I have only one mikrotik client. Pfsense is an OpenVPN server and mikrotik can connect to it with no errors.

                            I have tried your suggestions about assigning a new interface (vpn) in pfsense but still no success.

                            Can not ping from pfsense and pfsense lan to mikrotik lan ip and lan clients.
                            Can ping from mikrotik and mikrotik lan to pfsense lan clients.

                            When pinging from pfsense lan to mikrotik lan I can see packets on the pfsense vpn interface but not on the mikrotik vpn interface (tcpdump, packet capture).

                            Have any suggestions?

                            Regards
