Multiple open vpn server routing help



  • Hi All

    I am after a little help with open vpn tunnels and clients.

    I currently have a tunnel from me to another location and also a server setup from me for access.

    When I remote in on the client vpn setup I can ping the default network but not the remote location of the open vpn server.

    Example main network 192.168.50.0 /24
    Remote Network 192.168.0.0 /24

    VPN Client gets issues 192.168.61.0 /24 I can ping anything on main network but not remote networks.

    I guess its routing but any help would be great.



  • So from the main network you can access the remote location, but not from vpn client?

    Have you added the remote network 192.168.0.0 /24 to the "Local Network/s" in the server setting?



  • @viragomann:

    So from the main network you can access the remote location, but not from vpn client?

    Have you added the remote network 192.168.0.0 /24 to the "Local Network/s" in the server setting?

    Sorry where is that setting?



  • @Mat1987:

    @viragomann:

    So from the main network you can access the remote location, but not from vpn client?

    Have you added the remote network 192.168.0.0 /24 to the "Local Network/s" in the server setting?

    Sorry where is that setting?

    oh sorry do you mean in the Open VPN server.  Yes it looks like this

    IPv4 Local network(s)
    192.168.50.0/24,192.168.1.0/24,192.168.0.0/24



  • Now, the remote network is entered at "Local Networks" and you still get no access from client?

    From the main network you can access the remote network?



  • I dont have remote networks from a client server setup.

    on my other pfsense box (Remote) i have put remote networks.

    i used the client export for the vpn client access.  its connects fine and i can ping my main router ip but not the 192.168.0.0 or 192.168.1.0



  • The point is if you can access 192.168.0.0/24 from 192.168.50.0.



  • From my local network 192.168.50.0 to 192.168.0.0 or 192.168.1.0 i get access.

    from a vpn client i can access 192.168.50.0 but not 192.168.0.0 or 192.168.1.0

    Mat



  • So it seems the route to the clienst tunnel subnet is missing on the remote site.
    If you have access to this vpn server, you can add it, otherwise you can do a workaround via NAT.



  • I do have access to the remote site and on the remote site the local ip addresses in so still puzzled



  • So if you look in the routing table of the remote site router you can see an entry for the clients tunnel subnet 192.168.61.0/24 pointing to the clients address?

    If this is given check the rules. The assess must be allowed at the vpn server in the main subnet and on the remote site.
    Try to ping the remote site router itself from the client.



  • @viragomann:

    So if you look in the routing table of the remote site router you can see an entry for the clients tunnel subnet 192.168.61.0/24 pointing to the clients address?

    If this is given check the rules. The assess must be allowed at the vpn server in the main subnet and on the remote site.
    Try to ping the remote site router itself from the client.

    From the client i cant ping the remote site router.




  • Main Site




  • I can't see a route to the openvpn2 clients tunnel network at remote site.
    So you'll have to add 192.168.61.0/24 to the "Remote Networks" in server config at remote site.

    @Mat1987:

    From the client i cant ping the remote site router.

    However, this way this ping shouldn't work also as long, as.

    Since the remote networks have broadly used subnets (192.168.0.0/24 and 192.168.1.0/24) also ensure that your client isn't within one of theese subnets.

    Edit:
    To "Remote Networks" of course!. I shouldn't hand out advices after drinking beers.  ::)



  • Ok i have added this

    192.168.50.0/24,192.168.1.0/24,192.168.0.0/24,192.168.60.0/24,192.168.61.0/24

    You are a legend.  How stupid do i feel.  yes adding the tunnel networks to the remote networks allows connection.

    Thanks so much.  i suppose learning never hurt anyone :)

    Mat