Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OPENVPN INTERSITE MULTI GATEWAY

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    4
    487
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      max33
      last edited by

      HI
      I need to connect two site using two pfsense and open vpn site to site peer key but i got one difficulty as the LAN side is managed by an other gateway.

      TO resume i got :

      SITE A:
      1 TSE SERVER IP : 10.10.10.250 connected to pfsense 10.10.10.253 and using specific gateway as WAN

      SITE B:

      one LAN 192.168.5.0/24 connected to a specific gateway (ADSL modem) 192.168.5.254 that i am not allowed to used for routing my vpn .

      Then i add another modem as second gateway and one pfsense.

      My pfsense got the second gateway as WAN and got lan interface connected to LAN switch as 192.168.5.253.

      I also add route on machine :
      route -p add 10.10.10.0 mask 255.255.255.0 192.168.5.253

      Openvpn is up and machine can connect t server 10.10.10.250

      BUT i am not able to reach printer in the LAN SITE of SITE B from SERVER 10.10.10.250.

      From SERVER 10.10.10.250 i was able to ping 192.168.5.253 (pfsense of SITE B) but not printer (192.168.5.200)

      If i try ping from pfsense of SITE B with source LAN ping works , but if i try ping from open vPN it s not working .

      I suspect that i add to add a reoute somewhere in pfsense Site B but i am a litlle bit lost .

      Any advice ???

      1 Reply Last reply Reply Quote 0
      • M
        max33
        last edited by

        I make some progress and i think i found the issue but don't know how to resolve.

        From my point of view when server in site A (10.10.10.250) send packet to printer in site B (192.168.5.) , the packet arrive to printer but when printer want to respond printer contact its gateway 192,168.5.254 and not the pfsense (192.168.5.253).

        I am quite sure that i have to work with Firewall/NAT/Outbound and i saw some note on it https://forum.netgate.com/topic/101506/solved-openvpn-routing-and-nat-rules-single-wan-dual-lan/3

        but i tried and it s not working.

        I probably not creating the rule correctly

        what i made

        In pfsense Site B
        Firewall > NAT > Outbound
        Mark "Hybrid rule generation" and hit save.

        Then add this rule:

        interface = LAN
        Protocol = any
        Source = Network 10.12.101.0/27 (the vpn tunnel between site A and B)
        Destination = any
        Translation = Interface address

        I also perfomr a packet cpature on lan interface and i saw icmp coming form 10.10.10.250 > 192.168.5.200 but don't know if nat is working ..

        1 Reply Last reply Reply Quote 0
        • V
          viragomann
          last edited by

          The source network in the rule has to be the LAN of site A in your case, since it is a site-to-site.

          1 Reply Last reply Reply Quote 1
          • M
            max33
            last edited by

            Thanks you very much you save my day ;)

            I worked on it for few hours now and the solution was in fact very simple

            1 Reply Last reply Reply Quote 0
            • First post
              Last post