4. VPN Site to Site problem after accessing remote.

VPN Site to Site problem after accessing remote.

  • R

    Guys, I  will try to explain it in the best way and I hope you guys can help me.

    I have a Site to Site VPN (using IPsec) working perfectly. Let's call it Site A and Site B.
    My problem is, when I'm at my home and I connect to Site A (Client to Site using OpenVPN), I join in my A network without problems, but I can not ping anything to Site B

    Any tips of what can i do?

    0
  • V

    You need to set the routing between B and the OpenVPN tunnel network in IPSec.
    To do so you have to add a second phase 2 to the IPSec configuration.

    0
  • R

    Thanks for your Help! I add a second phase but i cannot access the site b yet. Im posting my confs:

    My OpenVPN conf.

    10.0.3.0/24 = My OpenVpn network
    192.168.108.0/22 = My internal Network
    172.16.0.0/16 = My Site B internal network(connected through Ipsec site to site)

    My Ipsec Conf
    The first entry entry of second phase is part of my vpn site to site, the second entry is the route i add trying to follow your tip.

    Can you help?

    Thanks.

    0
  • V

    Have also you added the second phase 2 on site B?

    0
  • R

    Still nothing =// Route added on site B. This is my conf file from openvpn client:

    dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
remote 187.28.XX.XX 1198
route 192.168.108.0 255.255.252.0
ifconfig 172.25.1.2 172.25.1.1
keepalive 10 60
ping-timer-rem
secret fwr-udp-1198.secret.key

    I My openvpn server, i  set it up the routes, i need to add something in my conf file?

    0
  • V

    Seems to be a very old pfSense version.

    Don't know, what client you're running. Doesn't it support pulling of routes, cause you have stated the route for the LAN in the client config? If it doesn't support pulling routes you have also to state the site B LAN here.

    Also maybe the route line in the client config will thwart the push routes command from server. Look in the client log for details.

    0
  • R

    I am using the latest openvpn client for windows. I made tests by adding the routes just on the client and another just on the server, I did not succeed. My version of Pfsense is really old V 2.2.6.

    I configured the routes on the server:

    persist-tun
persist-key
push "route 172.25.1.0 255.255.255.0";
push "route 172.16.0.0 255.255.0.0";

    172.25…..my range on this tunnel
    172.16....The range from lan of B site.

    0
  • V

    I presume, the routes on the client are not added by pushing from server.
    Check the clients routing table.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy