Routing OpenVPN not working



  • Hi!
    I have a peer-to-peer (shared key) OpenVPN tunnel with pfSense 2.3.5 as server and 2.1.5 as client.
    The tunnel is working; ping works both from the client side to the server network and back, but only from the gateways. If I ping from the client's network to the server's network, there is no connection.
    I created a rule on the server side under Firewall - Rules - OpenVPN
    [screenshot: 0_1535353676836_1.jpg]
    and the same rule on the client.
    On LAN there is this rule
    [screenshot: 0_1535353846630_index.jpg]
    Port 1194 on the WAN interface is open.
    Maybe I'm missing something? I'm asking for help.

    Settings on server side:
    Server mode - Peer to peer (Shared key)
    Protocol - UDP
    Device mode - Tun

    Local net - 192.168.72.0/24
    Remote net - 192.168.166.0/24
    Tunnel net - 192.168.100.0/24

    Settings on client side:
    Server mode - Peer to peer (Shared key)
    Protocol - UDP
    Device mode - Tun

    Local net - 192.168.166.0/24
    Remote net - 192.168.72.0/24
    Tunnel net - 192.168.100.0/24



  • Don't use the tunnel net in any Firewall rule.
    For testing:
    Interface LAN both sides Source Local net to Destination any.
    Interface OpenVPN both sides any to any (like you show in the first screen, put it on both sides).

    -Rico



  • @desroze said in Routing OpenVPN not working:

    PFSense 2.3.5 as server and 2.1.5 as client

    A good starting point would be: do not mix recent and ancient software.
    2.1.5 is way too old.



  • @rico said in Routing OpenVPN not working:

    Don't use the tunnel net in any Firewall rule.
    For testing:
    Interface LAN both sides Source Local net to Destination any.

    No result from this rule, I tested it before.

    Interface OpenVPN both sides any to any (like you show in the first screen, put it on both sides).

    -Rico

    Such a rule is working on both sides.

    @gertjan said in Routing OpenVPN not working:

    @desroze said in Routing OpenVPN not working:

    PFSense 2.3.5 as server and 2.1.5 as client

    A good starting point would be: do not mix recent and ancient software.
    2.1.5 is way too old.

    I know, but it's a temporary solution, because 2.1.5 was installed a very long time ago. I will upgrade it, but not immediately; this pfSense is not physically near me.



  • When you Ping from Client side 192.168.166.0/24 to server side 192.168.72.0/24 do you see anything in the Firewall Logs (pfSense side 192.168.72.0/24) ?
    Are you maybe on manual NAT?
    You use pfSense on both sides as your local Gateway for the Clients?

    -Rico



  • @rico said in Routing OpenVPN not working:

    When you Ping from Client side 192.168.166.0/24 to server side 192.168.72.0/24 do you see anything in the Firewall Logs (pfSense side 192.168.72.0/24) ?

    Nope, in the firewall log there are no events which contain my local\WAN\tunnel IP addresses, and I understand that the problem is in this, but do not understand where exactly.

    Are you maybe on manual NAT?
    You use pfSense on both sides as your local Gateway for the Clients?

    -Rico

    I use pfSense as the GW on the local network, with the exception of DNS; that function is performed by AD.
    Config from a local PC on the server side

    DEVICE=eth0
    BOOTPROTO=none
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPV6INIT=no
    PEERDNS=yes
    NETMASK=255.255.255.0
    IPADDR=192.168.72.5
    GATEWAY=192.168.72.1
    

    Client side

    DEVICE=eth0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=yes
    BOOTPROTO=none
    IPADDR=192.168.166.3
    PREFIX=24
    GATEWAY=192.168.166.1
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    NAME="System eth0"
    NETMASK=255.255.255.0
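
An added example, not part of the thread: a small Python check that the addressing posted above is self-consistent (local/remote networks mirrored, no overlap with the tunnel net, each host inside its LAN with a default gateway on that LAN). The function names are hypothetical and the host configs are abbreviated to the address lines from the posts; it inspects addressing only, not firewall rules or pfSense routes.

```python
import ipaddress

def parse_ifcfg(text):
    """Parse KEY=value lines of a RHEL-style ifcfg file into a dict."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k: v.strip('"') for k, v in pairs}

def check_side(name, local, remote, tunnel, ifcfg_text):
    """Return addressing problems for one side of the tunnel."""
    problems = []
    nets = {"local": ipaddress.ip_network(local),
            "remote": ipaddress.ip_network(remote),
            "tunnel": ipaddress.ip_network(tunnel)}
    for a, b in (("local", "remote"), ("local", "tunnel"), ("remote", "tunnel")):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{name}: {a} and {b} networks overlap")
    cfg = parse_ifcfg(ifcfg_text)
    mask = cfg.get("PREFIX") or cfg.get("NETMASK")
    host = ipaddress.ip_interface(f"{cfg['IPADDR']}/{mask}")
    if host.network != nets["local"]:
        problems.append(f"{name}: host {host} is not in local net {local}")
    gw = cfg.get("GATEWAY")
    if gw is None or ipaddress.ip_address(gw) not in nets["local"]:
        problems.append(f"{name}: default gateway {gw} is not on the LAN")
    return problems

def check_mirror(server, client):
    """Local/remote must be swapped between the sides; tunnel net identical."""
    problems = []
    if server["local"] != client["remote"] or server["remote"] != client["local"]:
        problems.append("local/remote networks are not mirrored")
    if server["tunnel"] != client["tunnel"]:
        problems.append("tunnel networks differ")
    return problems

# Values copied from the posts above (host configs reduced to address lines).
SERVER = {"local": "192.168.72.0/24", "remote": "192.168.166.0/24", "tunnel": "192.168.100.0/24"}
CLIENT = {"local": "192.168.166.0/24", "remote": "192.168.72.0/24", "tunnel": "192.168.100.0/24"}
SERVER_HOST = "DEVICE=eth0\nNETMASK=255.255.255.0\nIPADDR=192.168.72.5\nGATEWAY=192.168.72.1"
CLIENT_HOST = "DEVICE=eth0\nIPADDR=192.168.166.3\nPREFIX=24\nGATEWAY=192.168.166.1"

def check_all():
    return (check_mirror(SERVER, CLIENT)
            + check_side("server", **SERVER, ifcfg_text=SERVER_HOST)
            + check_side("client", **CLIENT, ifcfg_text=CLIENT_HOST))

if __name__ == "__main__":
    print(check_all() or "addressing is consistent")
```

An empty result means none of these addressing checks failed for the posted values.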
    


  • No more assumptions?
    As I read in another topic, "It is a canonical task from ANY manuals", but why is it not working? Maybe someone knows an actual manual for this task, with detailed instructions, or another forum for my question?


  • Netgate

    Not sure what you want when you're using an ancient version like 2.1.5. Not a lot of people want to spend time chasing long-fixed bugs and problems. You should consider upgrading and seeing if the issue is fixed.



  • @derelict said in Routing OpenVPN not working:

    Not sure what you want when you're using an ancient version like 2.1.5. Not a lot of people want to spend time chasing long-fixed bugs and problems. You should consider upgrading and seeing if the issue is fixed.

    As I wrote earlier, an upgrade is in my plans, but NOW I can't do it that fast, so I need to solve this question.
    I understand your answer, thanks