Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN between PFSense box's Little help please

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      FrAsErTaG
      last edited by

      Hi guys
      Well this website has provided me with a wealth of information and this is my first post and just wanted to say thanks!!!

      I have the following setup

      Site 1                                             Site 2
      PFSense–-------------WAN-----------PFSENSE
      10.8.8.0/24----------OVPN TUNNEL-----10.8.8.0/24
                              |  |     |                 |
      10.5.1.0/24------|  |     |                 |
                                 |     |                   -----10.5.4.0/24
      10.5.11.0/24-------|     |
                                       |
                              Road Warriors

      Basically I am trying to push two subnets to Site 2
      From the PFSENSE machine at site two I can ping and trace both subnets.
      From a Road warrior with OVPN for windows running I can trace both subnets at site one. I cannot reach site 2's subnet without
      going into cmd.exe and adding
      route add 10.5.4.0 mask 255.255.255.0 10.8.8.9 (gateway on this roadwarrior) if tap

      Thats the background I guess

      from the machines at site2 using PFsense as a gateway I can only get to subnet 10.5.1.0/24 not the other subnet.
      I am using PKI obviously
      here is what is in the custom options on the Server at site1
      route 10.5.4.0 255.255.0.0;push "route 10.5.1.0 255.255.255.0";push "route 10.5.11.0 255.255.255.0"

      If i switch push "route 10.5.1.0 255.255.255.0";push "route 10.5.11.0 255.255.255.0"
      to  push "route 10.5.11.0 255.255.255.0";"route 10.5.1.0 255.255.255.0"
      I then get access to 10.5.11.0 not 10.5.1.0 as noted above.

      However from the PFsense machine at the remote site I have access to both and the road warriors do aswell.
      Does anyone know where I might be going wrong?

      PS. I have not entered anything in custom option on the client pfsense however
      under client specific settings im using the common name correctly with the custom options as
      iroute 10.5.4.0 255.255.255.0

      Any help much appreciated

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        So you actually have the roadwarriors on the same openVPN server instance than the site-to-site connection?

        I wouldnt do that.
        Keep them separate.

        One instance in PSK setup for the site-to-site.
        One instance in PKI setup for the roadwarriors.

        Like this you can use routes for the site-to-site and pushes for the roadwarriors.

        If you keep them together it gets nasty with client specific pushes and you'll never have satisfactory client separation.

        This was a very recent similar problem:
        http://forum.pfsense.org/index.php/topic,16028.0.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.