Access to the network behind OPENVPN clients (remote access mode)
-
Hello! I am trying to set up a tap site-to-site OpenVPN with pfSense (server/remote access mode) and a Windows OpenVPN client (in client mode).

                                  192.168.38.0/24
192.168.40.17     192.168.40.18  /
[pfs]=============[w7]
                                 \ 10.190.200.0/24

Clients behind [w7] can ping devices behind [pfs], because routes to the network specified as the local network on [pfs] are automatically registered on the [w7] client.
But not vice versa. Routes to the network behind [w7] do not appear on [pfs].
It all works when I add routes to 192.168.38.0/24 and 10.190.200.0/24 manually from the [pfs] CLI.
I cannot do it from the web GUI because when I try to add a gateway (OpenVPN client 192.168.40.18), I cannot choose the ovpn1 interface because it is unassigned.
How can I make the routes get added automatically? I tried the advanced server options route 192.168.38.0 255.255.255.0; route 10.190.200.0 255.255.255.0; - it does not help (the routes do not appear in the [pfs] routing table). I also tried to make a client specific override by specifying 192.168.38.0/24,10.190.200.2/32 as remote networks, with no success.
-
Any feedback please ::)
Maybe the description of the problem is inaccurate?
-
It would help me to understand the problem description better if you provide the cli work.
If cli is working then why do you need a gui way?
-
Because when I reboot the OpenVPN instance or pfSense itself, the routes written manually are gone.
-
Your networks are confusing me so I'll give you the example we use at our company, ok?
LAN Server 192.168.100.0/24
LAN Client 192.168.112.0/24
OpenVPN 10.244.100.0/24

Server: (pfsense tab)
Remote Access
++ Tunnel Settings
-----IPv4 Tunnel Network 10.244.100.0/24
-----IPv4 Local Network 192.168.100.0/24
++ Advanced
push "route 192.168.100.0 255.255.255.0";
route 192.168.112.0 255.255.255.0;

Client Specific Override (pfsense tab)
-----IPv4 Remote Network/s 192.168.112.0/24

The client config itself needs to further adjustment besides the typical settings.
-
You need to do two things in order to access the network(s) behind your clients:
- You have to add an iroute statement for each network you want to access in the client specific overrides section for that particular client
- You have to enable IP routing on the client PC -> https://gist.github.com/mouseroot/5489960
-
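An added example, not part of the thread and not pfSense or OpenVPN code: a small Python check, assuming a routed (tun) setup, that pairs every server-side route with an iroute in a client specific override, as the replies above describe. The sample directives are constructed from the company example, and the client name branch-office is hypothetical.

```python
import ipaddress
import re

# Constructed sample input mirroring the company example in the thread.
SERVER_ADVANCED = ('push "route 192.168.100.0 255.255.255.0"; '
                   'route 192.168.112.0 255.255.255.0;')
CLIENT_OVERRIDES = {  # hypothetical client common name -> override text
    "branch-office": "iroute 192.168.112.0 255.255.255.0;",
}

def parse_nets(text, directive):
    """Networks named by top-level '<directive> <net> <mask>' statements.
    A pushed route starts with 'push', so it is not counted as a server route."""
    nets = set()
    for stmt in re.split(r"[;\n]", text):
        parts = stmt.split()
        if len(parts) >= 3 and parts[0] == directive:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets

def check(server_text, overrides):
    """Report routes without an iroute and iroutes without a route.
    Simplification: networks are matched exactly, not by containment."""
    routes = parse_nets(server_text, "route")
    owners = {}  # network -> clients that claim it with iroute
    for client, text in overrides.items():
        for net in parse_nets(text, "iroute"):
            owners.setdefault(net, []).append(client)
    findings = []
    for net in sorted(routes - set(owners)):
        findings.append(f"route {net}: no client has an iroute for it, "
                        "so OpenVPN has no client to hand the packets to")
    for net in sorted(owners):
        if net not in routes:
            findings.append(f"iroute {net}: no server route, so the kernel "
                            "does not send this traffic into the tunnel")
        if len(owners[net]) > 1:
            findings.append(f"iroute {net}: claimed by several clients: "
                            + ", ".join(sorted(owners[net])))
    return findings

if __name__ == "__main__":
    for line in check(SERVER_ADVANCED, CLIENT_OVERRIDES) or ["route/iroute pairs match"]:
        print(line)
```

The iroute also limits which client may source traffic for a subnet, so an iroute claimed by more than one client is worth reviewing rather than ignoring.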