4. Route ip range traffic through openvpn

Route ip range traffic through openvpn

  • B

    Hello All,

    I have a strange problem I can't resolve since two weeks, almost everything is working well, just one thing that I can imagine, why. Let's see the details:

    • site A subnet: 10.0.0.0/22

    • site A Client Group A: 10.0.0.10 - 10.0.0.200

    • site A Client Group B: 10.0.0.201 - 10.0.0.250

    • site A public IP: x.x.x.65/24

    • site B subnet: 10.0.100.0/22

    • site B public IP1: y.y.y.1/24

    • site B public IP2: y.y.y.25/28

    • OpenVPN Site to site VPN Server (Site A): 192.168.100.1

    • OpenVPN Site to site VPN Client (Site B): 192.168.100.2

    I have to configure the following:

    • a) Site A: all traffic from Client Group B must be routed through OpenVPN - site B public IP2 (y.y.y.25/28)

    • b) Site A: all traffic from Client Group A must be routed through site A public IP (x.x.x.65/24)

    • c) Site B: all traffic from Client Group C must be routed through site B public IP1 (y.y.y.1/24)

    I'm done with:

    • c) Done: simple NAT on site B public IP1 (y.y.y.1/24)

    • b) Done: simple NAT on site A public IP (x.x.x.65/24)

    • a) I did the followings:

      • OpenVPN Site to site VPN: Done

      • Site A: create IP Alias IPRANGE1 with IP range 10.0.0.201 - 10.0.0.250

      • Site A: assign interface OPT1 to OpenVPN interface ovpn1

      • Site A: create Firewall Rule on LAN interface:

      • Action: pass

      • Interface: LAN

      • Source: Single host or alias: IPRANGE1

      • Protocol: any

      • Advanced - Gateway: OPT1_VPNV4 (name assigned automatically)

      • Site B: create Virtual IP:

      • Name: VIP1

      • Type: IP Alias

      • Address: y.y.y.25/28

      • Site B: create Outbound NAT rule

      • Interface: WAN

      • Source: site A Client Group A

      • NAT Address: WAN Address

    Up to this point everything is working, if I check the http://www.whatsmyip.org/ the result is what is expected: y.y.y.1/24, as well in case of SSH and FTP the remote site returns IP: y.y.y.1/24.

    But if I change the step "Site B: create Outbound NAT rule" and replace the NAT Address to VIP1, then the result is not clear:

    • if I use SSH then the remote site returns the VIP1 adress: y.y.y.25/28

    • if I use HTTP with a very basic (no ADS, no JS, etc…) site then the remote site returns the VIP1 address: y.y.y.25/28

    • but if I try again the http://www.whatsmyip.org/ then the page is not loaded, I see in statusbar the message connecting. Sometimes the IP is okay, but no stylesheet is loaded, etc…

    Any idea what am I wrong? Howto resolve this issue?

    Kind Regards,

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy