Routing Issues Between Pfsense to Psense OpenVPN

OpenVPN
Log in to reply
  • B

    I have 2 pfSense routers setup, one at my house and one at my parents house.  I successfully got an Open VPN connection up and working between them.  The problem I am running into now is I cannot hit hosts behind the router at my parent's house.  I can ping the router all day long though.  Also, from my parent's side, they can ping my router and all hosts behind it.  I know its something with the routing table but I am not sure what as I am not too familiar with open VPN tunnels.

    Here is the data:

    My house network: 192.168.2.0 /24  GW 192.168.2.1
    Parent's House: 192.168.1.0 /24    GW: 192.168.1.1
    VPN Tunnel 192.168.254.xxx

    Now below are the route tables.  Public ips are xxx'd out a bit.

    Parent's House Route Table:  (open vpn client)

    
default 	75.xxx.xxx.xxx	UGS 	0 	2082017 	1500 	fxp1 	 
75.66.xxx.xxx/21 	link#2 	UC 	0 	0 	1500 	fxp1 	 
75.66.xxx.xxx	00:01:5c:24:59:02 	UHLW 	2 	0 	1500 	fxp1 	1200
75.66.xxx.xxx 	127.0.0.1 	UGHS 	0 	0 	16384 	lo0 	 
127.0.0.1 	127.0.0.1 	UH 	1 	0 	16384 	lo0 	 
192.168.1.0/24 	link#1 	UC 	0 	0 	1500 	fxp0 	 
192.168.1.1 	192.168.1.2 	UH 	1 	0 	1500 	tun0 	 
192.168.1.11 	00:14:bf:90:6f:d1 	UHLW 	1 	42075 	1500 	fxp0 	1194
192.168.1.100 	00:90:27:0f:a2:de 	UHLW 	1 	139460 	1500 	fxp0 	777
192.168.1.102 	00:e0:4d:74:77:74 	UHLW 	1 	2621637 	1500 	fxp0 	772
192.168.2.0/24 	192.168.1.1 	UGS 	0 	190 	1500 	tun0

    My House routing table:  (openvpn server)

    
default 	75.66.xxx.xxx 	UGS 	0 	497205 	1500 	dc1 	 
75.66.xxx.xxx/24 	link#2 	UC 	0 	0 	1500 	dc1 	 
75.66.xxx.xxx 	00:09:12:80:60:01 	UHLW 	2 	429 	1500 	dc1 	1187
75.66.xxx.xxx 	127.0.0.1 	UGHS 	0 	0 	16384 	lo0 	 
127.0.0.1 	127.0.0.1 	UH 	1 	0 	16384 	lo0 	 
192.168.1.0/24 	192.168.254.2 	UGS 	0 	149 	1500 	tun0 	 
192.168.2.0/24 	link#1 	UC 	0 	0 	1500 	dc0 	 
192.168.2.10 	00:04:23:cd:25:5d 	UHLW 	1 	365 	1500 	dc0 	951
192.168.2.20 	00:18:f3:6c:1a:ca 	UHLW 	1 	591170 	1500 	dc0 	209
192.168.2.21 	00:03:ff:6e:12:ef 	UHLW 	1 	2381 	1500 	dc0 	809
192.168.2.22 	00:16:cf:14:50:49 	UHLW 	1 	10848 	1500 	dc0 	1102
192.168.254.2 	192.168.254.1 	UH 	1 	0 	1500 	tun0

    Traceroute to remote host from Parent's house (trace to 192.168.2.10):

    
 1  192.168.254.1 (192.168.254.1)  46.022 ms  28.921 ms  39.970 ms
 2  192.168.2.10 (192.168.2.10)  31.845 ms  28.563 ms  24.389 ms

    Traceroute to remote host from my house (trace to 192.168.1.10):

    
 1     9 ms    <1 ms    <1 ms  192.168.2.1]
 2    25 ms    23 ms    21 ms  192.168.1.2
 3     *        *        *     Request timed out.
 4     *        *        *     Request timed out.
-continues timing out to max hops-
    0
  • B

    Had the same problem, I added the hosts to the DNS forwarder on both ends, and BINGO I can ping both sides from either direction.

    0
  • K

    I think these routes are the problem:

    
192.168.1.1 	192.168.1.2 	UH 	1 	0 	1500 	tun0 	 
192.168.2.0/24 	192.168.1.1 	UGS 	0 	190 	1500 	tun0

    First, the gateway for 192.168.2.0/24 should be the other endpoint of the OpenVPN tunnel, 192.168.254.1. Not sure what the other route is about, but it's weird.

    I haven't used OpenVPN in pfSense though, so I'm not sure what you'd need to change to fix this.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy