[SOLVED] OpenVPN bridging Site-To-Site Interface with Client-Server Interface
-
Not sure if this is possible, but maybe it's as simple as pushing routes to the right place. I've been pulling my hair out over this.
I have a site-to-site VPN established between my Main office and my Home lab. The home lab has VMs and other devices that can be accessed from the main office and vice versa. I also have another OpenVPN instance running on the Main office pfSense for normal Client-Server VPN connections. The goal is to get the Client-Server connections to be able to communicate with my Home network devices.
<home vlan>---<pfsense home>--vtun0--<pfSense MAIN>--vtun1--<client laptop(s)>
I've run Wireshark on clients and did find something interesting, I'm just unsure what to do next. I ping the home VLAN VM from a client laptop and get no response, nor a destination unreachable. With Wireshark running on the home VM, I do see the ICMP Request and Reply. Although, the reply is not arriving back at the client laptop. It's getting lost(?) somewhere along the way.
Based on this, my thought is the home VM doesn't know where to route the vtun1 packets. Any ideas? General things I've tried:
- I've pushed routes and manually added routes on the clients without luck. Possibly not in the right places though.
- Firewalls are basically disabled right now.
- I have not added any custom port forwarding/NAT rules
I'd be glad to send configs, routes, screenshots, etc. in order to get this worked out. It's driving me crazy.
Edit: SOLVED
Like mentioned above, LAN traffic wasn't being routed properly. The LAN ping replies were leaving out of the WAN and not the tunnel (vtun0). Since there is no little check box to "Redirect IPv4 Gateway" on the Site-to-Site server configuration, not all LAN traffic was being sent through the tunnel.
The fix was found on a previous post. To fix, log in to your site-to-site Client pfSense instance, then:
VPN >> OpenVPN >> Clients >> Edit client S2S interface >> set Remote Networks to: 0.0.0.0/1,128.0.0.0/1
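As an added illustration (not from the post or from pfSense itself), the longest-prefix-match logic below shows why the two /1 routes fix the reply path: they are more specific than the 0.0.0.0/0 default toward WAN, so they win without removing it. All subnet values are assumed, since the post gives none.

```python
import ipaddress

# Constructed routing table for the home pfSense (example only; the real
# subnets are not given in the post). Each entry: (prefix, egress interface).
HOME_VLAN = ipaddress.ip_network("192.168.50.0/24")   # assumed home VLAN
S2S_TUNNEL = ipaddress.ip_network("10.0.8.0/24")      # assumed vtun0 network
CLIENT_VPN = ipaddress.ip_network("10.0.9.0/24")      # assumed vtun1 network

# Before the fix: only connected networks plus the default route exist, so a
# reply addressed to a client-VPN laptop matches 0.0.0.0/0 and exits via WAN.
BEFORE = [
    (HOME_VLAN, "lan"),
    (S2S_TUNNEL, "vtun0"),
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),      # default route
]

# After the fix: Remote Networks = 0.0.0.0/1,128.0.0.0/1 installs two /1
# routes via vtun0 that together cover every IPv4 address, each one bit more
# specific than the /0 default.
AFTER = BEFORE + [
    (ipaddress.ip_network("0.0.0.0/1"), "vtun0"),
    (ipaddress.ip_network("128.0.0.0/1"), "vtun0"),
]

# Alternative: route only the client-VPN subnet over the tunnel.
TARGETED = BEFORE + [(CLIENT_VPN, "vtun0")]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def reply_path(table, client_ip="10.0.9.6"):
    """Interface the home VM's ICMP reply to a client laptop leaves on."""
    return lookup(table, client_ip)


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("targeted", TARGETED)):
        print(f"{name:8s} reply -> {reply_path(table)}, internet -> {lookup(table, '8.8.8.8')}")
```

Because the two /1 routes cover every address, all non-local traffic from the home site now crosses the tunnel; the TARGETED table shows that adding only the client-VPN subnet as a Remote Network restores the reply path while leaving Internet-bound traffic on WAN.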