Routing traffic between two (openvpn client --> openvpn server)

moussa854

I have:

Two openvpn client ("all-client" and "VOIP_client") that connect to
two openvpn servers ("openvpn" and "FreePBX").
I have two interfaces ("GCPVPNINTERFACE" and "FREEPBXVPNINTERFACE") and.
two gateways ("GCPVPNINTERFACE_VPN4" and "FREEPBXVPNINTERFACE_VPN4").

I have "all-client" and "VOIP_client" successfully connecting to "openvpn" and "FreePBX" respectively. I have traffic pass successfully through LAN --> GCPVPNINTERFACE / GCPVPNINTERFACE_VPN4 --> openvpn server

I would like to (but not successful) route VOIP_phones traffic through FREEPBXVPNINTERFACE / FREEPBXVPNINTERFACE_VPN4 --> FreePBX server (see this post).

I created a rule (on top) LAN:
Protocol IPv4
Source VOIP_PHONES
Port *
Destination *
Port *
Gateway FREEPBXVPNINTERFACE_VPN4

However, State for VOIP_PHONES shows CLOSED:SYN_SENT and SYN_SENT:CLOSED If I change the Gateway to GCPVPNINTERFACE_VPN4 or WAN phones connect ESTABLISHED:ESTABLISHED.

If I ping the FreePBX server as FREEPBXVPNINTERFACE I got 100.0% packet loss. If I ping the FreePBX from my computer (or GCPVPNINTERFACE) I got 0% packet loss

It looks like the FREEPBXVPNINTERFACE / Gateway is not passing the traffic. Any idea on how to troubleshoot this?

viragomann

Have you added an outbound NAT rule to the FREEPBXVPNINTERFACE as I suggested in the other thread?

moussa854

Thank you @viragomann for replying back. Here are what I did:

ّI made the NAT and rule that you suggested.
Firewall >> NAT >> Outbound
I used one IP phone only to minimize disruption

With this I am getting for IP phone via FREEPBXVPNINTERFACE CLOSED:SYN_SENT & SYN_SENT:CLOSED .

LAN 	tcp 	192.168.30.20:5891 -> FreePBX_IP:5061 	CLOSED:SYN_SENT 	6 / 0 	360 B / 0 B 	
FREEPBXVPNINTERFACE 	tcp 	10.55.2.2:11790 (192.168.30.20:5891) -> FreePBX_IP:5061 	SYN_SENT:CLOSED 	6 / 0 	360 B / 0 B

Even though, the FreepBX VOIP_client (in pfsense) is connected to the FreePBX (openvpn service) server.

freepbx__carepointinfusion_net__-_FreePBX_Administration.png

For reference. My other IP phone connecting fine through GCPVPNINTERFACE (IP phone >> GCP_OpenVPN server >> FreePBX server)

LAN 	tcp 	192.168.30.15:5585 -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB 	
GCPVPNINTERFACE 	tcp 	10.8.0.7:9079 (192.168.30.15:5585) -> FreePBX_IP:5061 	ESTABLISHED:ESTABLISHED 	1.283 K / 1.014 K 	536 KiB / 376 KiB

IP phone with built in VPN client leaving from GCPVPNINTERFACE (double VPN ) (IP phone >> GCP_OpenVPN server >> FreePBX server)

LAN 	udp 	192.168.30.21:35514 -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB 	
GCPVPNINTERFACE 	udp 	10.8.0.7:10353 (192.168.30.21:35514) -> FreePBX_IP:1194 	MULTIPLE:MULTIPLE 	588 / 585 	44 KiB / 44 KiB

With that said, I did few more troubleshooting. Since I have another standalone VPN server "openvpn", I downloaded a second client from "openvpn" and installed it in pfsense and it worked.

I downloaded client file from FreePBX and installed it on an IP phone with VPN capability and it worked (traffic exit through "GCPVPNINTERFACE").

So, it seems a FreePBX <--> VOIP_client in pfsense connection not working even though I changed the VPN subnets for the different servers10.8.0.7 , and 10.55.2.2

I am not sure how to troubleshoot this and why this is happening.

moussa854

@viragomann any tips on troubleshooting?