Selective routing and selective internet routing
-
I have a site to site vpn set up that accesses the remote subnet just fine. this is accomplished by using route commands in client overrides as different ones go to different subnets. My problem is I want to add one internet route to go through the tunnel also.
So it would be from client vpn tunnel, to server tunnel, to intranet and back again.
The iroute to the client side works fine so I can ping both ways. The intranet address with the route command gets routed through the tunnel but does not make it back. It has dns resolution to the ip. Just tracert never makes it past the server vpn address. Any ideas?
-
Might be the need to have Outbound NAT in place for the OpenVPN client source address out WAN. When you use "Remote Networks" in the server config, Automatic Outbound NAT has something to look for. When you use route commands and push route commands in the advanced and client-specific settings it has no idea what's where.
-
Thank you for your suggestion.
openvpn net 77.0
local 35.0
openvpn client acutal network 1.0there is an auto added rule in outbound nat for the the 77.0 network going to the internet address. Are you saying we should try to add one for the 1.0 network also?
From the pfsense you can ping internet stuff using the openvpn network in diagnostic tools.
The only other thing I can think of is I did not add an interface for the openvpn connection. Everything local works fine, just no internet resolution.
-
If the traffic is leaving WAN sourced from 1.0 you need an outbound NAT rule for it.
-
EDIT
After setting it to wan interface instead of openvpn after thinking about it for a while it works.thank you very much for your help
Thank you again for your suggestion.
I added a outbound nat rule of
coming from vpn interface THIS WAS WRONG
with a source of 1.0/24
any any any
destination vip
anystill nothing
-
Yeah. Outbound NAT on WAN. Good deal.
