Netgate Discussion Forum

OPENVPN INTERSITE MULTI GATEWAY

OpenVPN
  • M
    max33
    last edited by Oct 28, 2018, 1:49 PM

    Hi,
    I need to connect two sites using two pfSense and OpenVPN site-to-site peer key, but I have one difficulty, as the LAN side is managed by another gateway.

    To summarize, I have:

    SITE A:
    1 TSE server, IP: 10.10.10.250, connected to pfSense 10.10.10.253 and using a specific gateway as WAN

    SITE B:

    One LAN 192.168.5.0/24 connected to a specific gateway (ADSL modem) 192.168.5.254 that I am not allowed to use for routing my VPN.

    Then I added another modem as a second gateway and one pfSense.

    My pfSense has the second gateway as WAN and has its LAN interface connected to the LAN switch as 192.168.5.253.

    I also added a route on the machine:
    route -p add 10.10.10.0 mask 255.255.255.0 192.168.5.253

    OpenVPN is up and the machine can connect to server 10.10.10.250.

    BUT I am not able to reach the printer on the LAN side of SITE B from SERVER 10.10.10.250.

    From SERVER 10.10.10.250 I was able to ping 192.168.5.253 (pfSense of SITE B) but not the printer (192.168.5.200).

    If I try a ping from the pfSense of SITE B with source LAN, the ping works, but if I try a ping from OpenVPN it's not working.

    I suspect that I have to add a route somewhere in the pfSense of Site B, but I am a little bit lost.

    Any advice?

    • M
      max33
      last edited by Oct 28, 2018, 3:13 PM

      I made some progress and I think I found the issue, but I don't know how to resolve it.

      From my point of view, when the server in site A (10.10.10.250) sends a packet to the printer in site B (192.168.5.), the packet arrives at the printer, but when the printer wants to respond, it contacts its gateway 192.168.5.254 and not the pfSense (192.168.5.253).

      I am quite sure that I have to work with Firewall/NAT/Outbound, and I saw a note on it: https://forum.netgate.com/topic/101506/solved-openvpn-routing-and-nat-rules-single-wan-dual-lan/3

      but I tried and it's not working.

      I am probably not creating the rule correctly.

      What I did:

      In pfsense Site B
      Firewall > NAT > Outbound
      Mark "Hybrid rule generation" and hit save.

      Then add this rule:

      interface = LAN
      Protocol = any
      Source = Network 10.12.101.0/27 (the vpn tunnel between site A and B)
      Destination = any
      Translation = Interface address

      I also performed a packet capture on the LAN interface and I saw ICMP coming from 10.10.10.250 > 192.168.5.200, but I don't know if NAT is working.

      • V
        viragomann
        last edited by Oct 28, 2018, 4:35 PM

        The source network in the rule has to be the LAN of site A in your case, since it is a site-to-site.

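The return-path problem worked out in this thread, as an added example that is not part of any poster's message: a small Python model, using the thread's addresses, of which next hop a site B LAN host picks for its reply under each outbound NAT source. The function names are this example's own, and the model assumes the printer has only its default gateway 192.168.5.254 and no static route.

```python
import ipaddress

# Addresses taken from the thread; everything else is this example's assumption.
SITE_A_LAN = ipaddress.ip_network("10.10.10.0/24")
TUNNEL_NET = ipaddress.ip_network("10.12.101.0/27")
SITE_B_LAN = ipaddress.ip_network("192.168.5.0/24")
PFSENSE_B_LAN = ipaddress.ip_address("192.168.5.253")
ADSL_GATEWAY = ipaddress.ip_address("192.168.5.254")  # default gateway of site B hosts
SERVER = ipaddress.ip_address("10.10.10.250")


def outbound_nat(src, rule_source):
    """Source address seen on site B's LAN after the LAN outbound NAT rule.

    Routed site-to-site traffic keeps its original source (10.10.10.250),
    so a rule whose source is the tunnel network never matches it.
    """
    return PFSENSE_B_LAN if src in rule_source else src


def reply_next_hop(reply_dst, static_routes=()):
    """Next hop a site B LAN host chooses for its reply packet."""
    if reply_dst in SITE_B_LAN:
        return reply_dst              # on-link: delivered directly
    for net, gateway in static_routes:
        if reply_dst in net:
            return gateway            # e.g. the 'route -p add' on the PC
    return ADSL_GATEWAY               # everything else goes to the modem


def reply_returns_via_vpn(rule_source, static_routes=()):
    """True when the reply to the site A server reaches pfSense B."""
    seen_src = outbound_nat(SERVER, rule_source)
    return reply_next_hop(seen_src, static_routes) == PFSENSE_B_LAN


if __name__ == "__main__":
    pc_route = [(SITE_A_LAN, PFSENSE_B_LAN)]
    cases = [
        ("printer, NAT source = tunnel network", TUNNEL_NET, ()),
        ("printer, NAT source = site A LAN", SITE_A_LAN, ()),
        ("PC with static route, rule not matching", TUNNEL_NET, pc_route),
    ]
    for label, rule, routes in cases:
        ok = reply_returns_via_vpn(rule, routes)
        print(f"{label}: reply {'returns via VPN' if ok else 'lost to ADSL gateway'}")
```

With the rule in place, site B hosts see every site A connection as coming from 192.168.5.253, so host-side logs and ACLs on that LAN no longer show the real client address.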
        • M
          max33
          last edited by Oct 28, 2018, 4:38 PM

          Thank you very much, you saved my day ;)

          I worked on it for a few hours and the solution was in fact very simple.
