Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Gateway offline after adding Client Specific Overrides for OpenVPN

    Scheduled Pinned Locked Moved
    OpenVPN
    pfsense openvpn gateway
    3
    5
    574
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TrippleDke
      last edited by

      Hi

      I have a PFSense working as OpenVPN-server and the RUT955 as openVPNclient. The setup is P2P SSL/TLS

      • PFSense IP = 192.168.1.1 with behind it a PC with IP 192.168.1.101
      • RUT955 IP = 192.168.2.1 with behind it a PC with IP 192.168.2.20
      • Tunnel Network = 192.168.3.0/24; client = 192.168.3.2; server = 192.168.3.1

      I couldn't ping the RUT955 LAN so I added a Client Specific Override to acces te LAN network of the RUT955.

      After adding the COS i managed to ping the LAN of RUT955. However when I do a ping to the client Tunnel 192.168.3.2 the ping fails. 192.168.3.1 works just fine.

      I went to see the status and logs of the Gateway. And I get the next result.

      5.PNG
      6.PNG

      So how is it possible the traffic goes through to the LAN of the RUT955 but the Gateway is offline? Are there any sollutions for this?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Hard to say with only a few pieces of information. Post your OpenVPN Config and Firewall Rules (Screenshots).

        -Rico

        2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100

        1 Reply Last reply Reply Quote 0
        • T
          TrippleDke
          last edited by

          Configuration of OpenVPN-server:

          Bijlage 2.PNG
          Bijlage 3.PNG
          Bijlage 4.PNG
          bijlage 5.PNG
          Bijlage 6.PNG

          Firewall rules:

          test.PNG

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            @TrippleDke said in Gateway offline after adding Client Specific Overrides for OpenVPN:

            RUT955 IP = 192.168.2.1 with behind it a PC with IP 192.168.2.20

            Assuming a /24 netmasks there, which were left unspecified, that doesn't indicate that is a router. That indicates it is a bridge.

            If this is a peer-to-peer network for just one peer, just change the tunnel network to a /30 and stop worrying about CSOs.

            Not exactly sure what you are trying to accomplish there. You might need to draw an actual diagram.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • T
              TrippleDke
              last edited by

              Yes the netmasks are all /24. For now it is 1 peer for testing. But in the future i would like to have the possibility to add more clients. The following is what I'm trying to accomplish:

              test.png

              1 Reply Last reply Reply Quote 0
              • First post
                Last post