Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Route ip range traffic through openvpn

    General pfSense Questions
    1
    1
    469
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bzg last edited by

      Hello All,

      I have a strange problem I can't resolve since two weeks, almost everything is working well, just one thing that I can imagine, why. Let's see the details:

      • site A subnet: 10.0.0.0/22

      • site A Client Group A: 10.0.0.10 - 10.0.0.200

      • site A Client Group B: 10.0.0.201 - 10.0.0.250

      • site A public IP: x.x.x.65/24

      • site B subnet: 10.0.100.0/22

      • site B public IP1: y.y.y.1/24

      • site B public IP2: y.y.y.25/28

      • OpenVPN Site to site VPN Server (Site A): 192.168.100.1

      • OpenVPN Site to site VPN Client (Site B): 192.168.100.2

      I have to configure the following:

      • a) Site A: all traffic from Client Group B must be routed through OpenVPN - site B public IP2 (y.y.y.25/28)

      • b) Site A: all traffic from Client Group A must be routed through site A public IP (x.x.x.65/24)

      • c) Site B: all traffic from Client Group C must be routed through site B public IP1 (y.y.y.1/24)

      I'm done with:

      • c) Done: simple NAT on site B public IP1 (y.y.y.1/24)

      • b) Done: simple NAT on site A public IP (x.x.x.65/24)

      • a) I did the followings:

        • OpenVPN Site to site VPN: Done

        • Site A: create IP Alias IPRANGE1 with IP range 10.0.0.201 - 10.0.0.250

        • Site A: assign interface OPT1 to OpenVPN interface ovpn1

        • Site A: create Firewall Rule on LAN interface:

        • Action: pass

        • Interface: LAN

        • Source: Single host or alias: IPRANGE1

        • Protocol: any

        • Advanced - Gateway: OPT1_VPNV4 (name assigned automatically)

        • Site B: create Virtual IP:

        • Name: VIP1

        • Type: IP Alias

        • Address: y.y.y.25/28

        • Site B: create Outbound NAT rule

        • Interface: WAN

        • Source: site A Client Group A

        • NAT Address: WAN Address

      Up to this point everything is working, if I check the http://www.whatsmyip.org/ the result is what is expected: y.y.y.1/24, as well in case of SSH and FTP the remote site returns IP: y.y.y.1/24.

      But if I change the step "Site B: create Outbound NAT rule" and replace the NAT Address to VIP1, then the result is not clear:

      • if I use SSH then the remote site returns the VIP1 adress: y.y.y.25/28

      • if I use HTTP with a very basic (no ADS, no JS, etc…) site then the remote site returns the VIP1 address: y.y.y.25/28

      • but if I try again the http://www.whatsmyip.org/ then the page is not loaded, I see in statusbar the message connecting. Sometimes the IP is okay, but no stylesheet is loaded, etc…

      Any idea what am I wrong? Howto resolve this issue?

      Kind Regards,

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy