Routing Issues Between pfSense to pfSense OpenVPN
-
I have 2 pfSense routers set up, one at my house and one at my parents' house. I successfully got an OpenVPN connection up and working between them. The problem I am running into now is I cannot hit hosts behind the router at my parents' house. I can ping the router all day long though. Also, from my parents' side, they can ping my router and all hosts behind it. I know it's something with the routing table but I am not sure what, as I am not too familiar with OpenVPN tunnels.
Here is the data:
My house network: 192.168.2.0 /24 GW 192.168.2.1
Parent's House: 192.168.1.0 /24 GW: 192.168.1.1
VPN Tunnel 192.168.254.xxx
Now below are the route tables. Public IPs are xxx'd out a bit.
Parent's House Route Table: (open vpn client)
default            75.xxx.xxx.xxx     UGS   0  2082017   1500  fxp1
75.66.xxx.xxx/21   link#2             UC    0  0         1500  fxp1
75.66.xxx.xxx      00:01:5c:24:59:02  UHLW  2  0         1500  fxp1  1200
75.66.xxx.xxx      127.0.0.1          UGHS  0  0         16384 lo0
127.0.0.1          127.0.0.1          UH    1  0         16384 lo0
192.168.1.0/24     link#1             UC    0  0         1500  fxp0
192.168.1.1        192.168.1.2        UH    1  0         1500  tun0
192.168.1.11       00:14:bf:90:6f:d1  UHLW  1  42075     1500  fxp0  1194
192.168.1.100      00:90:27:0f:a2:de  UHLW  1  139460    1500  fxp0  777
192.168.1.102      00:e0:4d:74:77:74  UHLW  1  2621637   1500  fxp0  772
192.168.2.0/24     192.168.1.1        UGS   0  190       1500  tun0
My House routing table: (openvpn server)
default            75.66.xxx.xxx      UGS   0  497205    1500  dc1
75.66.xxx.xxx/24   link#2             UC    0  0         1500  dc1
75.66.xxx.xxx      00:09:12:80:60:01  UHLW  2  429       1500  dc1   1187
75.66.xxx.xxx      127.0.0.1          UGHS  0  0         16384 lo0
127.0.0.1          127.0.0.1          UH    1  0         16384 lo0
192.168.1.0/24     192.168.254.2      UGS   0  149       1500  tun0
192.168.2.0/24     link#1             UC    0  0         1500  dc0
192.168.2.10       00:04:23:cd:25:5d  UHLW  1  365       1500  dc0   951
192.168.2.20       00:18:f3:6c:1a:ca  UHLW  1  591170    1500  dc0   209
192.168.2.21       00:03:ff:6e:12:ef  UHLW  1  2381      1500  dc0   809
192.168.2.22       00:16:cf:14:50:49  UHLW  1  10848     1500  dc0   1102
192.168.254.2      192.168.254.1      UH    1  0         1500  tun0
Traceroute to remote host from Parent's house (trace to 192.168.2.10):
1 192.168.254.1 (192.168.254.1) 46.022 ms 28.921 ms 39.970 ms
2 192.168.2.10 (192.168.2.10) 31.845 ms 28.563 ms 24.389 ms
Traceroute to remote host from my house (trace to 192.168.1.10):
1 9 ms <1 ms <1 ms 192.168.2.1]
2 25 ms 23 ms 21 ms 192.168.1.2
3 * * * Request timed out.
4 * * * Request timed out.
-continues timing out to max hops-
-
Had the same problem. I added the hosts to the DNS forwarder on both ends, and BINGO, I can ping both sides from either direction.
-
I think these routes are the problem:
192.168.1.1        192.168.1.2        UH    1  0         1500  tun0
192.168.2.0/24     192.168.1.1        UGS   0  190       1500  tun0
First, the gateway for 192.168.2.0/24 should be the other endpoint of the OpenVPN tunnel, 192.168.254.1. Not sure what the other route is about, but it's weird.
I haven't used OpenVPN in pfSense though, so I'm not sure what you'd need to change to fix this.
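
The check described in the last reply, written out as an added example (not code from any poster in this thread): it reads route rows in the column layout posted above and flags tun0 routes whose gateway or endpoints lie outside the tunnel network. The function names are hypothetical, and the /24 tunnel mask is an assumption, since the thread only gives 192.168.254.xxx.

```python
import ipaddress

# Assumption: the tunnel is a /24; the thread only says "192.168.254.xxx".
TUNNEL_NET = ipaddress.ip_network("192.168.254.0/24")

# Rows copied from the two route tables posted in the thread.
CLIENT_ROUTES = """\
192.168.1.0/24 link#1 UC 0 0 1500 fxp0
192.168.1.1 192.168.1.2 UH 1 0 1500 tun0
192.168.2.0/24 192.168.1.1 UGS 0 190 1500 tun0
"""
SERVER_ROUTES = """\
192.168.1.0/24 192.168.254.2 UGS 0 149 1500 tun0
192.168.2.0/24 link#1 UC 0 0 1500 dc0
192.168.254.2 192.168.254.1 UH 1 0 1500 tun0
"""

def parse_routes(text):
    """Yield (destination, gateway, flags, netif) from each route row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7:  # Destination Gateway Flags Refs Use Mtu Netif [Expire]
            yield f[0], f[1], f[2], f[6]

def in_tunnel(addr):
    """True if addr is an IP address inside the tunnel network."""
    try:
        return ipaddress.ip_address(addr) in TUNNEL_NET
    except ValueError:  # "link#N", a MAC address, or a prefix
        return False

def audit_tunnel_routes(text, tun_if="tun0"):
    """Return one finding per tunnel route that does not use tunnel addresses."""
    findings = []
    for dest, gw, flags, netif in parse_routes(text):
        if netif != tun_if:
            continue
        host_only = "H" in flags and "G" not in flags
        if "G" in flags and not in_tunnel(gw):
            findings.append(f"{dest}: gateway {gw} is not a tunnel address")
        elif host_only and not (in_tunnel(dest) and in_tunnel(gw)):
            findings.append(f"{dest} -> {gw}: tunnel endpoints outside {TUNNEL_NET}")
    return findings

if __name__ == "__main__":
    for label, table in (("client", CLIENT_ROUTES), ("server", SERVER_ROUTES)):
        print(label, audit_tunnel_routes(table) or "ok")
```

On the posted tables this reports both client-side tun0 rows and nothing on the server side.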