[SOLVED] All traffic (including internet) over site to site OpenVPN

viragomann · Jun 18, 2018, 7:44 PM

In the clients settings at "IPv4 Remote network(s)" enter "0.0.0.0/0" to set the default route.

If you also want to route IPv6 over the vpn enter "::/0" at "IPv6 Remote network(s)".

It will also be a good advice for your setup to assign interfaces to both vpn servers on the main site.

SipriusPT · Jun 19, 2018, 1:20 PM

@viragomann said in All traffic (including internet) over site to site OpenVPN:

In the clients settings at “IPv4 Remote network(s)” enter “0.0.0.0/0” to set the default route.
If you also want to route IPv6 over the vpn enter “::/0” at “IPv6 Remote network(s)”.
It will also be a good advice for your setup to assign interfaces to both vpn servers on the main site.

I have set IPv4 Remote network to 0.0.0.0/0 and without anything but I lose contact with main site. =/

Also I am not using IPv6.

Assign an interface per vpn server?

SipriusPT · Jun 19, 2018, 1:36 PM

In main site I have this setup at Tunnel Settings:

SipriusPT · Jun 19, 2018, 1:43 PM

On secundary site, in OpenVPN server:

SipriusPT · Jun 19, 2018, 3:51 PM

This is the scenario thata I am trying to accomplish:

viragomann · Jun 19, 2018, 9:34 PM

Maybe the 0.0.0.0/0 route was a bad idea. When "Redirect gateway" is checked in the OpenVPN server settings, pfSense splits the default and sets two routing entries:
0.0.0.0/1
128.0.0.0/1
So you can try it with these two subnets.

SipriusPT · Jun 20, 2018, 9:39 AM

This post is deleted!

SipriusPT · Jun 20, 2018, 2:54 PM

@viragomann said in All traffic (including internet) over site to site OpenVPN:

Maybe the 0.0.0.0/0 route was a bad idea. When "Redirect gateway" is checked in the OpenVPN server settings, pfSense splits the default and sets two routing entries:
0.0.0.0/1
128.0.0.0/1
So you can try it with these two subnets.

|-You are my Hero(!) Viragomann!!!-|

I have made lots of testing and read lots of documentation in past 3 days, using ping and traceroute with local and external IPs and FQDN, and I was ONLY able to achieve this doing in secundary OpenVPN side, IPv4 Remote network,

0.0.0.0/1,128.0.0.0/1

I notice that I was not able to pass all traffic with just 0.0.0.0/1 or 128.0.0.0/1, but only certain parts of traffic. With both I was able to pass all traffic.

Also in NAT Outbound at primary site, I have change the source to 10.0.10.0/24 for WAN address, who in this case was my WAN_VLAN address.

Thank you one more time!

Hope that this could help others trying to achieve the same.

viragomann · Jun 20, 2018, 8:59 PM

0.0.0.0/0 = 0.0.0.0/1 + 128.0.0.0/1
Both are the whole IPv4 range. I don't know, why OpenVPN splits the range into two parts. Maybe this way it is applied with lower prio or cause the default route for 0.0.0.0/0 already points to the WAN gateway in most cases and FreeBSD has no metric option.

kpa · Jun 21, 2018, 4:29 PM

@viragomann The reason for the split is that the two routes can be simply added to the routing table without touching the existing 0.0.0.0/0 route and removed to restore the old default route.

SipriusPT · Jul 20, 2018, 3:51 PM

After setting this up, and installed this router in the remote side, after several days of testing I notice that there was a 50% decrease on internet speed, so I had to route just the traffic for my primary side, and leaving the remote side with his own uplink for internet.

From primary side to secundary, there is a distance of 30kms, and both have uplinks of 100/100 Mbps.

Here is the issue described:

https://forum.netgate.com/topic/133011/solved-loss-of-internet-speed-while-on-vpn-from-site-to-site