Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing traffic between two (openvpn client --> openvpn server)

    Scheduled Pinned Locked Moved Routing and Multi WAN
    4 Posts 2 Posters 448 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moussa854
      last edited by moussa854

      I have:

      • Two openvpn client ("all-client" and "VOIP_client") that connect to
      • two openvpn servers ("openvpn" and "FreePBX").
      • I have two interfaces ("GCPVPNINTERFACE" and "FREEPBXVPNINTERFACE") and.
      • two gateways ("GCPVPNINTERFACE_VPN4" and "FREEPBXVPNINTERFACE_VPN4").

      I have "all-client" and "VOIP_client" successfully connecting to "openvpn" and "FreePBX" respectively. I have traffic pass successfully through LAN --> GCPVPNINTERFACE / GCPVPNINTERFACE_VPN4 --> openvpn server

      I would like to (but not successful) route VOIP_phones traffic through FREEPBXVPNINTERFACE / FREEPBXVPNINTERFACE_VPN4 --> FreePBX server (see this post).

      I created a rule (on top) LAN:
      Protocol IPv4
      Source VOIP_PHONES
      Port *
      Destination *
      Port *
      Gateway FREEPBXVPNINTERFACE_VPN4

      However, State for VOIP_PHONES shows CLOSED:SYN_SENT and SYN_SENT:CLOSED If I change the Gateway to GCPVPNINTERFACE_VPN4 or WAN phones connect ESTABLISHED:ESTABLISHED.

      If I ping the FreePBX server as FREEPBXVPNINTERFACE I got 100.0% packet loss. If I ping the FreePBX from my computer (or GCPVPNINTERFACE) I got 0% packet loss

      It looks like the FREEPBXVPNINTERFACE / Gateway is not passing the traffic. Any idea on how to troubleshoot this?

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        Have you added an outbound NAT rule to the FREEPBXVPNINTERFACE as I suggested in the other thread?

        1 Reply Last reply Reply Quote 0
        • M
          moussa854
          last edited by moussa854

          Thank you @viragomann for replying back. Here are what I did:

          • ّI made the NAT and rule that you suggested.
            Firewall >> NAT >> Outbound
            pfSense_localdomain_-_Firewall__NAT__Outbound.png

          • I used one IP phone only to minimize disruption
            pfSense_localdomain_-_Firewall__Rules__LAN.png

          With this I am getting for IP phone via FREEPBXVPNINTERFACE CLOSED:SYN_SENT & SYN_SENT:CLOSED .

          LAN 	tcp 	192.168.30.20:5891 -> FreePBX_IP:5061 	CLOSED:SYN_SENT 	6 / 0 	360 B / 0 B 	
FREEPBXVPNINTERFACE 	tcp 	10.55.2.2:11790 (192.168.30.20:5891) -> FreePBX_IP:5061 	SYN_SENT:CLOSED 	6 / 0 	360 B / 0 B

          Even though, the FreepBX VOIP_client (in pfsense) is connected to the FreePBX (openvpn service) server.

          freepbx__carepointinfusion_net__-_FreePBX_Administration.png

          For reference. My other IP phone connecting fine through GCPVPNINTERFACE (IP phone >> GCP_OpenVPN server >> FreePBX server)

          LAN 	tcp 	192.168.30.15:5585 -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB 	
GCPVPNINTERFACE 	tcp 	10.8.0.7:9079 (192.168.30.15:5585) -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB

          IP phone with built in VPN client leaving from GCPVPNINTERFACE (double VPN ) (IP phone >> GCP_OpenVPN server >> FreePBX server)

          LAN 	udp 	192.168.30.21:35514 -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB 	
GCPVPNINTERFACE 	udp 	10.8.0.7:10353 (192.168.30.21:35514) -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB

          With that said, I did few more troubleshooting. Since I have another standalone VPN server "openvpn", I downloaded a second client from "openvpn" and installed it in pfsense and it worked.

          I downloaded client file from FreePBX and installed it on an IP phone with VPN capability and it worked (traffic exit through "GCPVPNINTERFACE").

          So, it seems a FreePBX <--> VOIP_client in pfsense connection not working even though I changed the VPN subnets for the different servers10.8.0.7 , and 10.55.2.2

          I am not sure how to troubleshoot this and why this is happening.

          1 Reply Last reply Reply Quote 0
          • M
            moussa854
            last edited by

            @viragomann any tips on troubleshooting?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.