No Remote Network Access, VPN Network works fine. Routing issue?



  • Hey guys, I'm having an issue where I can't connect to any of my remote networks, although I have no issues connecting over the VPN network itself. So, per the diagram, from any of those networks I can ping the 192.168.10.0/24 network, but from any of the networks (including 192.168.10.0/24) I can't ping the other 40, 50, and 60 networks. I had this working about a week ago, but I'm not sure what could have changed since then to cause it to stop.

    I've noticed some odd entries in the pfSense routing table:

    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            73.109.128.1       UGS         em0
    10.0.40.0/24       10.0.40.1          UGS      ovpns2
    10.0.40.1          link#10            UHS         lo0
    10.0.40.2          link#10            UH       ovpns2
    10.72.8.0/24       10.72.8.1          UGS      ovpns1
    10.72.8.1          link#9             UHS         lo0
    10.72.8.2          link#9             UH       ovpns1
    17.31.16.0/20      10.0.40.2          UGS      ovpns2
    [Public Network]    link#1             U           em0
    [Public IP address]     link#1             UHS         lo0
    75.75.75.75        36:66:39:36:39:33  UHS         em0
    75.75.76.76        36:66:39:36:39:33  UHS         em0
    127.0.0.1          link#8             UH          lo0
    192.168.10.0/24    link#2             U           em1
    192.168.10.1       link#2             UHS         lo0
    192.168.40.0/24    10.0.40.2          UGS      ovpns2
    192.168.50.0/24    10.0.40.2          UGS      ovpns2
    
    

    10.0.40.2 is a client address, so I'm not sure why traffic would be routed from the VPN back to a client in order to reach the 10.0.40.2 network. Is this some kind of loop? I'm not sure.

    My configs are posted below, with sensitive information redacted.

    
    #Server Configuration
    # OpenVPN server instance on pfSense; the tun device below is the
    # "ovpns2" interface that appears in the routing table posted above.
    dev ovpns2
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun2
    writepid /var/run/openvpn_server2.pid
    # NOTE(review): the privilege drop is commented out, so the daemon keeps
    # whatever privileges it was started with -- confirm this is intended.
    #user nobody
    #group nobody
    # Level 3 permits the up/down scripts below and allows passwords to be
    # handed to them through environment variables.
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    # NOTE(review): CBC mode with SHA1 is a legacy combination, and no
    # tls-auth/tls-crypt line is present in this listing, so the control
    # channel carries no extra HMAC protection -- worth confirming.
    cipher AES-128-CBC
    auth SHA1
    # pfSense-supplied link scripts (contents not shown here).
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local [Public IP Address]
    tls-server
    # VPN pool 10.0.40.0/24; the routing table above lists 10.0.40.1 as the
    # local tun address and 10.0.40.2 as the point-to-point peer on ovpns2.
    server 10.0.40.0 255.255.255.0
    # Per-client files live here. With several sites behind one server, each
    # site's LAN normally needs an "iroute" in that site's client file so
    # OpenVPN knows which client owns it; those files are not shown in this
    # post -- verify they exist and carry the right subnets.
    client-config-dir /var/etc/openvpn-csc/server2
    ifconfig 10.0.40.1 10.0.40.2
    lport 1195
    management /var/etc/openvpn/server2.sock unix
    # Routes handed to connecting clients so they can reach the other sites.
    push "route 192.168.10.0 255.255.255.0"
    push "route 192.168.40.0 255.255.255.0"
    push "route 17.31.16.0 255.255.240.0"
    push "route 192.168.50.0 255.255.255.0"
    # Kernel routes on the server itself. These are the entries that show up
    # above with gateway 10.0.40.2 (the tun peer); which client actually
    # receives a packet is decided by OpenVPN's internal routing, not by that
    # gateway. 192.168.10.0/24 is the local em1 LAN in the table above, so
    # routing it over the tunnel looks redundant -- presumably harmless.
    route 192.168.10.0 255.255.255.0
    route 192.168.40.0 255.255.255.0
    route 17.31.16.0 255.255.240.0
    route 192.168.50.0 255.255.255.0
    ca /var/etc/openvpn/server2.ca 
    cert /var/etc/openvpn/server2.cert 
    key /var/etc/openvpn/server2.key 
    # NOTE(review): 1024-bit DH parameters are below current recommendations
    # for the TLS handshake -- consider regenerating at a larger size.
    dh /etc/dh-parameters.1024
    topology subnet
    
    
    
    #School Server Configuration
    # Windows OpenVPN client for the "School" site; connects to the server
    # instance above on UDP port 1195.
    client
    dev tun
    proto udp
    # "[hoistname]" is a redaction placeholder for the server's public hostname.
    remote [hoistname] 1195
    resolv-retry infinite
    # No fixed local port; the client picks an ephemeral source port.
    nobind
    persist-key
    persist-tun
    # Client identity. The CN of this certificate is what a client-config-dir
    # entry on the server would be matched against (file not shown).
    ca "C:\\Program Files\\OpenVPN\\config\\AD+Certificate+Authority.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.crt"
    key "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.key"
    # Requires the server certificate to carry the server key-usage/EKU,
    # which stops another client certificate from impersonating the server.
    remote-cert-tls server
    # Must match the server's data-channel cipher (AES-128-CBC above).
    cipher AES-128-CBC
    verb 3
    
    

    *Note: Site C should have a VPN address of 10.0.40.3.

