4 pfsense servers+vpn routing+vpn gui client
-
Hello.Got one problem.
4 pfsense servers are connected using open vpn
Main server(1),got local network 10.10.100.0/23 | 10.1.5.0/24 tunnel network
Second(10.10.96.0/23) | 10.1.3.0/24 tunnel network
Third(10.10.98.0/23) | 10.1.2.0/24 tunnel network
Fourth(10.10.104.0/23) | 10.1.4.0/24tunnel network
Routing beetwen them works fine.
While my laptop belongs to one of those networks I can communicate with every subnet PC's.
But,when I initialize connection with open vpn gui client from home I can see only local network behind the server I connected to.
The question is,why i can't see other subnets?
I guess, it relate to routing.Please,help.tracert from subnet behind pfsense server
tracert from home PC
Seems like it don't know where to send packets.
-
@rostyslav-didus In your OpenVPN server config, what do you have for Tunnel Settings - IPv4 Local Network(s)?
-
-
@rostyslav-didus OK that looks good. It's not every day I see someone using a /23.
What are your firewall rules for the OpenVPN interfaces?
-
@kom
We've got many clients )
-
This post is deleted! -
@rostyslav-didus
Maybe the destination devices are blocking access from outside their local networks. This is the default behavior of PC firealls. -
Dammit, clicked Delete by accident...
viragomann had a good suggestion above. Often times a desktop firewall will block traffic from outside its local subnet.
Can you not access anything on any network, or are you just trying Windows systems?
-
@kom I saw that message )
It is about vpn's config on each server.I'll add this info tomorrow. -
@viragomann
I wish it was like this way.
But it is not.Windows FIrewall is turned off.
For some reason pfsense allows me to see only network behind the server I connected to.I'll add vpn config's of all servers tomorrow.
Thank you. -
@rostyslav-didus said in 4 pfsense servers+vpn routing+vpn gui client:
For some reason pfsense allows me to see only network behind the server I connected to.
From your first post, I assumed you get not even this.
So you connect to different servers by vpn and want to access the remote networks in the other locations, which are connected with a site2site?
-
@viragomann
Yes.Correct. -
@rostyslav-didus
So consider that you have to populate the route for the access servers tunnel network on the s2s remote sites. -
@viragomann
Server side
Vpn server settings for users with openvpn gui client.
As you see,I entered all subnets to ipv4 local networks.
Should I add here tunnel network subnets?
Client side+server side for tunnel 1
Client side+server side for tunnel 2
Client side+server side for tunnel 3
When I connect via openvpn gui and trying tracert command to 10.10.104.2(windows server) I receive time out.
If I try to connect to any subnet's server it works fine when I initialize connection from one of those subnet(10.10.100.0/23,10.10.98.0/23 etc.)
-
@rostyslav-didus
You have to add the access server tunnel network 10.1.5.0/24 to the "Remote networks" on all remote sites, so that the branch routers set a route for it pointing to the main. -
@viragomann,
My Lord!
It works now.Added 10.1.5.0/24 to each "remote networks" configuration.
I appreciate that.
Thanks a lot.
