Routing Issues Between pfSense to pfSense OpenVPN



  • I have 2 pfSense routers set up, one at my house and one at my parents' house.  I successfully got an OpenVPN connection up and working between them.  The problem I am running into now is I cannot hit hosts behind the router at my parents' house.  I can ping the router all day long though.  Also, from my parents' side, they can ping my router and all hosts behind it.  I know it's something with the routing table, but I am not sure what, as I am not too familiar with OpenVPN tunnels.

    Here is the data:

    My house network: 192.168.2.0/24   GW 192.168.2.1
    Parents' house:   192.168.1.0/24   GW 192.168.1.1
    VPN tunnel:       192.168.254.xxx

    Now below are the route tables.  Public IPs are xxx'd out a bit.

    Parents' house route table (OpenVPN client):

    
    Destination 	Gateway 	Flags 	Refs 	Use 	Mtu 	Netif 	Expire
    default 	75.xxx.xxx.xxx	UGS 	0 	2082017 	1500 	fxp1 	 
    75.66.xxx.xxx/21 	link#2 	UC 	0 	0 	1500 	fxp1 	 
    75.66.xxx.xxx	00:01:5c:24:59:02 	UHLW 	2 	0 	1500 	fxp1 	1200
    75.66.xxx.xxx 	127.0.0.1 	UGHS 	0 	0 	16384 	lo0 	 
    127.0.0.1 	127.0.0.1 	UH 	1 	0 	16384 	lo0 	 
    192.168.1.0/24 	link#1 	UC 	0 	0 	1500 	fxp0 	 
    192.168.1.1 	192.168.1.2 	UH 	1 	0 	1500 	tun0 	 
    192.168.1.11 	00:14:bf:90:6f:d1 	UHLW 	1 	42075 	1500 	fxp0 	1194
    192.168.1.100 	00:90:27:0f:a2:de 	UHLW 	1 	139460 	1500 	fxp0 	777
    192.168.1.102 	00:e0:4d:74:77:74 	UHLW 	1 	2621637 	1500 	fxp0 	772
    192.168.2.0/24 	192.168.1.1 	UGS 	0 	190 	1500 	tun0 	 
    
    

    My house routing table (OpenVPN server):

    
    Destination 	Gateway 	Flags 	Refs 	Use 	Mtu 	Netif 	Expire
    default 	75.66.xxx.xxx 	UGS 	0 	497205 	1500 	dc1 	 
    75.66.xxx.xxx/24 	link#2 	UC 	0 	0 	1500 	dc1 	 
    75.66.xxx.xxx 	00:09:12:80:60:01 	UHLW 	2 	429 	1500 	dc1 	1187
    75.66.xxx.xxx 	127.0.0.1 	UGHS 	0 	0 	16384 	lo0 	 
    127.0.0.1 	127.0.0.1 	UH 	1 	0 	16384 	lo0 	 
    192.168.1.0/24 	192.168.254.2 	UGS 	0 	149 	1500 	tun0 	 
    192.168.2.0/24 	link#1 	UC 	0 	0 	1500 	dc0 	 
    192.168.2.10 	00:04:23:cd:25:5d 	UHLW 	1 	365 	1500 	dc0 	951
    192.168.2.20 	00:18:f3:6c:1a:ca 	UHLW 	1 	591170 	1500 	dc0 	209
    192.168.2.21 	00:03:ff:6e:12:ef 	UHLW 	1 	2381 	1500 	dc0 	809
    192.168.2.22 	00:16:cf:14:50:49 	UHLW 	1 	10848 	1500 	dc0 	1102
    192.168.254.2 	192.168.254.1 	UH 	1 	0 	1500 	tun0 	 
    
    

    Traceroute to remote host from parents' house (trace to 192.168.2.10):

    
     1  192.168.254.1 (192.168.254.1)  46.022 ms  28.921 ms  39.970 ms
     2  192.168.2.10 (192.168.2.10)  31.845 ms  28.563 ms  24.389 ms
    
    

    Traceroute to remote host from my house (trace to 192.168.1.10):

    
     1     9 ms    <1 ms    <1 ms  192.168.2.1
     2    25 ms    23 ms    21 ms  192.168.1.2
     3     *        *        *     Request timed out.
     4     *        *        *     Request timed out.
    -continues timing out to max hops-
    
    


  • Had the same problem. I added the hosts to the DNS forwarder on both ends and, bingo, I can ping both sides from either direction.



  • I think these routes are the problem:

    
    192.168.1.1 	192.168.1.2 	UH 	1 	0 	1500 	tun0 	 
    192.168.2.0/24 	192.168.1.1 	UGS 	0 	190 	1500 	tun0 	 
    

    First, the gateway for 192.168.2.0/24 should be the other endpoint of the OpenVPN tunnel, 192.168.254.1. Not sure what the other route is about, but it's weird.

    I haven't used OpenVPN in pfSense though, so I'm not sure what you'd need to change to fix this.
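
The check the reply above describes, as an added example that is not code from the original thread or from pfSense: the script parses the route tables posted in the question (trimmed to the relevant lines and with the public addresses left masked as xxx, so they are constructed sample input) and, for every route on the tunnel interface, requires the gateway, and for the point-to-point host route both ends, to sit inside the tunnel network (192.168.254.0/24 as stated in the post) and outside either LAN prefix. It also does a longest-prefix lookup so you can see which route a packet to the remote host would take on each side. The interface name tun0, the subnets and the flag meanings are read off the posted tables; the column header is the one netstat prints for this layout and is an assumption only in that the post omitted it.

```python
"""Sanity checks for a site-to-site OpenVPN routing table.
Added example; not code from the original thread or from pfSense. The two
tables below are constructed from the netstat output posted in the question."""
from __future__ import annotations

import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    dest: str     # Destination column: host, network/prefix, or "default"
    gateway: str  # Gateway column: IP address, MAC address, or link#N
    flags: str    # Flags column, e.g. UGS, UH, UC, UHLW
    iface: str    # Netif column


def parse_routes(table: str) -> list[Route]:
    """Parse netstat -rn style lines: Destination Gateway Flags Refs Use Mtu Netif [Expire]."""
    routes = []
    for line in table.splitlines():
        cols = line.split()
        if len(cols) < 7 or cols[0] == "Destination":  # blank, short, or header line
            continue
        routes.append(Route(cols[0], cols[1], cols[2], cols[6]))
    return routes


def _as_network(dest: str) -> Optional[ipaddress.IPv4Network]:
    """Destination cell as a network; None when it is masked out (xxx) or unparsable."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        return ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return None


def lookup(routes: list[Route], target: str) -> Optional[Route]:
    """Longest-prefix match: the route the kernel would pick for a packet to target."""
    addr = ipaddress.ip_address(target)
    best, best_len = None, -1
    for r in routes:
        net = _as_network(r.dest)
        if net is not None and addr in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def check_tunnel(routes: list[Route], tun_iface: str, tun_net: str, lans: list[str]) -> list[str]:
    """Flag routes on the tunnel interface whose addresses fall outside the tunnel
    subnet or inside a LAN prefix. Empty list means the tunnel side is consistent."""
    tun = ipaddress.ip_network(tun_net)
    lan_nets = [ipaddress.ip_network(lan) for lan in lans]
    problems = []
    for r in routes:
        if r.iface != tun_iface:
            continue
        # A gateway route (G flag) is a remote network reached via the peer, so only its
        # gateway must be a tunnel address; a plain host route on tun is the endpoint pair.
        cells = [r.gateway] if "G" in r.flags else [r.dest, r.gateway]
        for cell in cells:
            try:
                ip = ipaddress.ip_address(cell)
            except ValueError:
                problems.append(f"{tun_iface}: route {r.dest} has non-IP cell {cell!r}")
                continue
            if ip not in tun:
                problems.append(f"{tun_iface}: {ip} in route {r.dest} is outside tunnel net {tun}")
            for lan in lan_nets:
                if ip in lan:
                    problems.append(f"{tun_iface}: {ip} in route {r.dest} overlaps LAN {lan}")
    return problems


# Constructed from the post: only the lines relevant to the check are kept.
PARENT_TABLE = """\
default          75.xxx.xxx.xxx     UGS   0  2082017  1500  fxp1
192.168.1.0/24   link#1             UC    0  0        1500  fxp0
192.168.1.1      192.168.1.2        UH    1  0        1500  tun0
192.168.1.11     00:14:bf:90:6f:d1  UHLW  1  42075    1500  fxp0  1194
192.168.2.0/24   192.168.1.1        UGS   0  190      1500  tun0
"""

HOME_TABLE = """\
default          75.66.xxx.xxx      UGS   0  497205   1500  dc1
192.168.1.0/24   192.168.254.2      UGS   0  149      1500  tun0
192.168.2.0/24   link#1             UC    0  0        1500  dc0
192.168.2.10     00:04:23:cd:25:5d  UHLW  1  365      1500  dc0   951
192.168.254.2    192.168.254.1      UH    1  0        1500  tun0
"""

LANS = ["192.168.2.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    for name, table in (("parent", PARENT_TABLE), ("home", HOME_TABLE)):
        routes = parse_routes(table)
        print(f"{name}: to 192.168.2.10 via {lookup(routes, '192.168.2.10')}")
        for problem in check_tunnel(routes, "tun0", "192.168.254.0/24", LANS):
            print(f"  {problem}")
```

Run against the home (server) table the check comes back empty; against the parents' (client) table it reports every tun0 route, because both the 192.168.1.1/192.168.1.2 endpoint pair and the 192.168.2.0/24 gateway are LAN addresses rather than 192.168.254.x ones. The lookup shows the asymmetry the traceroutes expose: a packet for 192.168.2.10 leaves the client over tun0 with a next hop that is its own LAN gateway address.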

