No Remote Network Access, VPN Network works fine. Routing issue?
Hey guys, I'm having an issue where I can't connect to any of my remote networks. I have no issues connecting over the VPN network though. So, per the diagram, from any of those networks I can ping the 192.168.10.0/24 network, but from any of the networks (including the 192.168.10.0/24) I can't ping the other 40, 50, and 60 networks. I had this working about a week ago, but I'm not sure what could have changed between now and then to cause it to stop.
I've noticed some odd routing in the pfSense routing tables:

Routing tables

Internet:
Destination          Gateway             Flags  Netif   Expire
default              73.109.128.1        UGS    em0
10.0.40.0/24         10.0.40.1           UGS    ovpns2
10.0.40.1            link#10             UHS    lo0
10.0.40.2            link#10             UH     ovpns2
10.72.8.0/24         10.72.8.1           UGS    ovpns1
10.72.8.1            link#9              UHS    lo0
10.72.8.2            link#9              UH     ovpns1
17.31.16.0/20        10.0.40.2           UGS    ovpns2
[Public Network]     link#1              U      em0
[Public IP address]  link#1              UHS    lo0
75.75.75.75          36:66:39:36:39:33   UHS    em0
75.75.76.76          36:66:39:36:39:33   UHS    em0
127.0.0.1            link#8              UH     lo0
192.168.10.0/24      link#2              U      em1
192.168.10.1         link#2              UHS    lo0
192.168.40.0/24      10.0.40.2           UGS    ovpns2
192.168.50.0/24      10.0.40.2           UGS    ovpns2
10.0.40.2 is a client, so I'm not sure why the traffic would route from the VPN back to a client to get to the 10.0.40.2 network. Is this some kind of loop? I'm not sure.
My configs are posted below, with sensitive information redacted.
#Server Configuration
dev ovpns2
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local [Public IP Address]
tls-server
server 10.0.40.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
ifconfig 10.0.40.1 10.0.40.2
lport 1195
management /var/etc/openvpn/server2.sock unix
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.40.0 255.255.255.0"
push "route 17.31.16.0 255.255.240.0"
push "route 192.168.50.0 255.255.255.0"
route 192.168.10.0 255.255.255.0
route 192.168.40.0 255.255.255.0
route 17.31.16.0 255.255.240.0
route 192.168.50.0 255.255.255.0
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.1024
topology subnet

#School Server Configuration
client
dev tun
proto udp
remote [hostname] 1195
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\AD+Certificate+Authority.crt"
cert "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.crt"
key "C:\\Program Files\\OpenVPN\\config\\AD+Client+Cert+School.key"
remote-cert-tls server
cipher AES-128-CBC
verb 3
*Note: Site C should have a VPN address of 10.0.40.3.
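As an added diagnostic (not part of the original post), the script below parses a netstat-style routing table like the one posted and lists, per OpenVPN tunnel interface, every network route whose next hop is a client's tunnel address rather than the server's own tunnel address, which is exactly the pattern the post is asking about. The sample rows are constructed from the posted table with the redacted and loopback entries left out.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: tunnel- and LAN-related rows of the pfSense routing table
# from the post (Destination Gateway Flags Netif); redacted rows left out.
ROUTES = """\
10.0.40.0/24    10.0.40.1  UGS  ovpns2
10.0.40.2       link#10    UH   ovpns2
10.72.8.0/24    10.72.8.1  UGS  ovpns1
17.31.16.0/20   10.0.40.2  UGS  ovpns2
192.168.10.0/24 link#2     U    em1
192.168.40.0/24 10.0.40.2  UGS  ovpns2
192.168.50.0/24 10.0.40.2  UGS  ovpns2
"""

def _ip(text):
    """IPv4Address for a numeric next hop, None for link#N style entries."""
    try:
        return ip_address(text)
    except ValueError:
        return None

def parse_routes(text):
    """Split netstat -rn style rows into dicts; header and 'default' are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0][0].isdigit():
            rows.append(dict(zip(("dest", "gw", "flags", "netif"), parts)))
    return rows

def tunnel_subnets(rows):
    """Map each ovpns interface to (tunnel network, server's own tunnel address)."""
    tunnels = {}
    for r in rows:
        gw = _ip(r["gw"])
        # The tunnel network's own route carries the server address as gateway.
        if r["netif"].startswith("ovpns") and "/" in r["dest"] and gw:
            net = ip_network(r["dest"])
            if gw in net:
                tunnels[r["netif"]] = (net, gw)
    return tunnels

def routes_via_vpn_peer(rows):
    """(destination, next hop, netif) for each network route on a tunnel whose
    next hop is a tunnel address other than the server's, i.e. a VPN client."""
    tunnels = tunnel_subnets(rows)
    flagged = []
    for r in rows:
        gw = _ip(r["gw"])
        if r["netif"] in tunnels and "/" in r["dest"] and gw:
            net, server_addr = tunnels[r["netif"]]
            if gw in net and gw != server_addr:
                flagged.append((r["dest"], str(gw), r["netif"]))
    return flagged
```

Run against a live table with `netstat -rn` output pasted into ROUTES; on the posted table it reports the 17.31.16.0/20, 192.168.40.0/24 and 192.168.50.0/24 routes all pointing at the single client 10.0.40.2 on ovpns2, while ovpns1 and the LAN route on em1 are not flagged.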