Routing traffic between two (openvpn client --> openvpn server)



  • I have:

    • Two openvpn clients ("all-client" and "VOIP_client") that connect to
    • two openvpn servers ("openvpn" and "FreePBX").
    • I have two interfaces ("GCPVPNINTERFACE" and "FREEPBXVPNINTERFACE") and
    • two gateways ("GCPVPNINTERFACE_VPN4" and "FREEPBXVPNINTERFACE_VPN4").

    I have "all-client" and "VOIP_client" successfully connecting to "openvpn" and "FreePBX" respectively. I have traffic passing successfully through LAN --> GCPVPNINTERFACE / GCPVPNINTERFACE_VPN4 --> openvpn server.

    I would like to (but have not been successful) route VOIP_phones traffic through FREEPBXVPNINTERFACE / FREEPBXVPNINTERFACE_VPN4 --> FreePBX server (see this post).

    I created a rule (on top) LAN:
    Protocol IPv4
    Source VOIP_PHONES
    Port *
    Destination *
    Port *
    Gateway FREEPBXVPNINTERFACE_VPN4

    However, State for VOIP_PHONES shows CLOSED:SYN_SENT and SYN_SENT:CLOSED. If I change the Gateway to GCPVPNINTERFACE_VPN4 or WAN, phones connect ESTABLISHED:ESTABLISHED.

    If I ping the FreePBX server as FREEPBXVPNINTERFACE I get 100.0% packet loss. If I ping the FreePBX from my computer (or GCPVPNINTERFACE) I get 0% packet loss.

    It looks like the FREEPBXVPNINTERFACE / Gateway is not passing the traffic. Any idea on how to troubleshoot this?



  • Have you added an outbound NAT rule to the FREEPBXVPNINTERFACE as I suggested in the other thread?



  • Thank you @viragomann for replying back. Here is what I did:

    • I made the NAT and rule that you suggested.
      Firewall >> NAT >> Outbound
      pfSense_localdomain_-_Firewall__NAT__Outbound.png

    • I used one IP phone only to minimize disruption
      pfSense_localdomain_-_Firewall__Rules__LAN.png

    With this I am getting for IP phone via FREEPBXVPNINTERFACE CLOSED:SYN_SENT & SYN_SENT:CLOSED.

    LAN 	tcp 	192.168.30.20:5891 -> FreePBX_IP:5061 	CLOSED:SYN_SENT 	6 / 0 	360 B / 0 B 	
    FREEPBXVPNINTERFACE 	tcp 	10.55.2.2:11790 (192.168.30.20:5891) -> FreePBX_IP:5061 	SYN_SENT:CLOSED 	6 / 0 	360 B / 0 B
    

    Even though the FreePBX VOIP_client (in pfsense) is connected to the FreePBX (openvpn service) server.

    freepbx__carepointinfusion_net__-_FreePBX_Administration.png

    For reference, my other IP phone is connecting fine through GCPVPNINTERFACE (IP phone >> GCP_OpenVPN server >> FreePBX server)

    LAN 	tcp 	192.168.30.15:5585 -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB 	
    GCPVPNINTERFACE 	tcp 	10.8.0.7:9079 (192.168.30.15:5585) -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB 	
    

    IP phone with built-in VPN client leaving from GCPVPNINTERFACE (double VPN) (IP phone >> GCP_OpenVPN server >> FreePBX server)

    LAN 	udp 	192.168.30.21:35514 -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB 	
    GCPVPNINTERFACE 	udp 	10.8.0.7:10353 (192.168.30.21:35514) -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB
    

    With that said, I did some more troubleshooting. Since I have another standalone VPN server "openvpn", I downloaded a second client from "openvpn" and installed it in pfsense and it worked.

    I downloaded the client file from FreePBX and installed it on an IP phone with VPN capability and it worked (traffic exits through "GCPVPNINTERFACE").

    So, it seems the FreePBX <--> VOIP_client in pfsense connection is not working even though I changed the VPN subnets for the different servers: 10.8.0.7 and 10.55.2.2.

    I am not sure how to troubleshoot this and why this is happening.
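
The state rows posted above can be read mechanically. This added example (not part of the original thread) recovers the outbound NAT mapping from each egress-side row and flags flows where packets were sent but none returned. The regular expression, the `diagnose` helper and the "no-reply"/"two-way" labels are assumptions of this example, as is reading the two packet counters as the two directions of the flow.

```python
import re

# Rows copied from the post above (interface, proto, source -> destination,
# state, packets, bytes); tabs collapsed to single spaces.
ROWS = """\
LAN tcp 192.168.30.20:5891 -> FreePBX_IP:5061 CLOSED:SYN_SENT 6 / 0 360 B / 0 B
FREEPBXVPNINTERFACE tcp 10.55.2.2:11790 (192.168.30.20:5891) -> FreePBX_IP:5061 SYN_SENT:CLOSED 6 / 0 360 B / 0 B
LAN tcp 192.168.30.15:5585 -> FreePBX_IP:5061 ESTABLISHED:ESTABLISHED 1.283 K / 1.014 K 536 KiB / 376 KiB
GCPVPNINTERFACE tcp 10.8.0.7:9079 (192.168.30.15:5585) -> FreePBX_IP:5061 ESTABLISHED:ESTABLISHED 1.283 K / 1.014 K 536 KiB / 376 KiB
"""

# Hypothetical pattern for the row layout shown in the thread.
ROW = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)"
    r"(?:\s+\((?P<orig>[^)]+)\))?\s+->\s+(?P<dst>\S+)\s+(?P<state>\S+)\s+"
    r"(?P<out>[\d.]+)\s?(?P<outu>[KMG]?)\s*/\s*"
    r"(?P<ret>[\d.]+)\s?(?P<retu>[KMG]?)\s"
)
UNIT = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}


def diagnose(text):
    """Return {lan_source: (egress_iface, nat_source, verdict)} for NATed flows."""
    result = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or not m["orig"]:
            continue  # LAN-side rows carry no NAT mapping; use the egress row
        sent = float(m["out"]) * UNIT[m["outu"]]
        back = float(m["ret"]) * UNIT[m["retu"]]
        # Packets left on this interface but nothing was counted in return.
        verdict = "no-reply" if sent > 0 and back == 0 else "two-way"
        result[m["orig"]] = (m["iface"], m["src"], verdict)
    return result


if __name__ == "__main__":
    for lan_src, (iface, nat_src, verdict) in diagnose(ROWS).items():
        print(f"{lan_src} -> {iface} as {nat_src}: {verdict}")
```

For the 192.168.30.20 phone the rows show the source already translated to 10.55.2.2 on FREEPBXVPNINTERFACE with six packets out and zero back, so the policy route and outbound NAT are both taking effect on pfSense and the missing piece is the return traffic.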



  • @viragomann any tips on troubleshooting?

