Netgate Discussion Forum

    OpenVPN and RV50 Sierra Wireless

      axelf911

      The OpenVPN settings on the RV50 Sierra Wireless router are very limited and don't have all the options that the client tab has in PFSense.

      For PFSense OpenVPN, am I supposed to connect using Peer to Peer (shared key) or Peer to Peer SSL/TLS? This is for a Site to Site kind of VPN Setup.

      For Peer to Peer Shared key, it doesn't look like there is any way to put in the IPv4 Remote networks in the RV50:
      https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

      However, for Peer to Peer (SSL/TLS), the IPv4 Remote networks are pushed to the client via an iroute:
      https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)

      Is Peer to Peer (SSL/TLS) setup the only way the RV50 OpenVPN will work? Right now PFSense cannot ping the RV50 OpenVPN clients and vice versa. It indicates to me some kind of routing issue.

      I know that the Roadwarrior setup doesn't work either.

        axelf911

        On Pfsense Server to Pfsense Client, the configuration to make Peer to Peer (SSL/TLS) is quite clear. However, if we use the Sierra Wireless RV50 OpenVPN client, this isn't so clear.

        I have gotten the PFSense Peer to Peer (SSL/TLS) setup to work and connect successfully with the RV50 OpenVPN client. However, not much is routable to the VPN tunnel it seems.

        -From the RV50 Ethernet DHCP Addresses I can ping the OpenVPN Client Tunnel IP (10.0.8.2). However, I cannot ping anything else on the 10.0.8.0/24 tunnel network. I believe the PFSense OpenVPN server gets a Tunnel IP (10.0.8.1), which I cannot ping or vice versa.
        -From RV50 Ethernet DHCP Addresses I cannot ping any local LAN networks on the PFSense OpenVPN server through the VPN tunnel.
        -From PFSense OpenVPN server, I cannot ping any Remote LAN networks on the RV50 through the VPN tunnel.

        Do I need to add a policy route? Is there any special routing or firewall settings on the RV50 that I need to add?

        There doesn't seem to be a route from the Ethernet port to anything through the VPN tunnel, except for the tunnel client itself. How to force all local host traffic through the Tunnel?

        Any help would be appreciated figuring out what needs to be changed on the RV50.

          axelf911

          @axelf911:

          On Pfsense Server to Pfsense Client, the configuration to make Peer to Peer (SSL/TLS) is quite clear. However, if we use the Sierra Wireless RV50 OpenVPN client, this isn't so clear.

          I have gotten the PFSense Peer to Peer (SSL/TLS) setup to work and connect successfully with the RV50 OpenVPN client. However, not much is routable to the VPN tunnel it seems.

          -From the RV50 Ethernet DHCP Addresses I can ping the OpenVPN Client Tunnel IP (10.0.8.2). However, I cannot ping anything else on the 10.0.8.0/24 tunnel network. I believe the PFSense OpenVPN server gets a Tunnel IP (10.0.8.1), which I cannot ping or vice versa.
          -From RV50 Ethernet DHCP Addresses I cannot ping any local LAN networks on the PFSense OpenVPN server through the VPN tunnel.
          -From PFSense OpenVPN server, I cannot ping any Remote LAN networks on the RV50 through the VPN tunnel.

          Do I need to add a policy route? Is there any special routing or firewall settings on the RV50 that I need to add?

          There doesn't seem to be a route from the Ethernet port to anything through the VPN tunnel, except for the tunnel client itself. How to force all local host traffic through the Tunnel?

          Any help would be appreciated figuring out what needs to be changed on the RV50.

          Okay I figured out the issue. The OpenVPN server has to match the RV50 OpenVPN Client advanced settings verbatim. In my case the RV50 OpenVPN advanced settings are such:

          Tunnel-MTU: 1500
          MSS Fix: 1400
          Fragment: 1300

          Thus, the PFSense OpenVPN server needs the exact same settings. Under OpenVPN -> select server-> Advanced Configuration I added the following:

          tun-mtu 1500;mssfix 1400;fragment 1300

          Once I put in the above settings, voila everything is pingable!

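The check described in the post above, as an added example that is not part of the original thread: a Python script that compares the RV50's three advanced settings with the directives in the pfSense server's Advanced Configuration string and lists every one that differs. The mapping from RV50 labels to OpenVPN directives and the "before" server string are assumptions constructed for illustration.

```python
# Directives the thread found had to be identical on both OpenVPN peers.
MTU_DIRECTIVES = ("tun-mtu", "mssfix", "fragment")

# Assumed mapping from the RV50 labels quoted in the thread to directives.
RV50_LABELS = {"tunnel-mtu": "tun-mtu", "mss fix": "mssfix", "fragment": "fragment"}

def parse_openvpn(text):
    """Collect MTU directives from OpenVPN options. Accepts one option per
    line or the ';'-separated form used in pfSense's Advanced Configuration."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith((";", "#")):  # commented-out line in a .conf file
            continue
        for stmt in line.split("#", 1)[0].split(";"):
            parts = stmt.split()
            if parts and parts[0].lstrip("-") in MTU_DIRECTIVES:
                found[parts[0].lstrip("-")] = " ".join(parts[1:])
    return found

def parse_rv50(text):
    """Parse 'Label: value' lines as listed for the RV50 in the thread."""
    found = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        directive = RV50_LABELS.get(label.strip().lower())
        if sep and directive:
            found[directive] = value.strip()
    return found

def mtu_mismatches(server, client):
    """Return {directive: (server_value, client_value)} for each difference.
    None means the directive is not set explicitly on that side."""
    return {name: (server.get(name), client.get(name))
            for name in MTU_DIRECTIVES
            if server.get(name) != client.get(name)}

# RV50 values and the corrected server string are quoted from the thread;
# SERVER_BEFORE is a constructed stand-in for a server with no MTU options.
RV50_SETTINGS = "Tunnel-MTU: 1500\nMSS Fix: 1400\nFragment: 1300"
SERVER_BEFORE = "verb 3;keepalive 10 60"
SERVER_AFTER = "tun-mtu 1500;mssfix 1400;fragment 1300"

if __name__ == "__main__":
    client = parse_rv50(RV50_SETTINGS)
    for label, cfg in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, mtu_mismatches(parse_openvpn(cfg), client))
```
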
            Gil Rebel Alliance

            tun-mtu 1500;mssfix 1400;fragment 1300;

            Thanks axelf911, that worked for me.

            Now, I also connect into my pfSense Server via OpenVPN; and would like to be able to route back to the RV50.

            I have an identical config that allows me to route to another 4G OpenVPN device (H685-OpenWRT) - but I can't do it to the RV50.

            Do I have a mismatch?

            11 cheers for binary

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.