Netgate Discussion Forum

Gateway offline after adding Client Specific Overrides for OpenVPN

  • T
    TrippleDke
    last edited by Apr 11, 2020, 3:42 PM

    Hi

    I have a pfSense working as OpenVPN server and the RUT955 as OpenVPN client. The setup is P2P SSL/TLS.

    • pfSense IP = 192.168.1.1 with behind it a PC with IP 192.168.1.101
    • RUT955 IP = 192.168.2.1 with behind it a PC with IP 192.168.2.20
    • Tunnel Network = 192.168.3.0/24; client = 192.168.3.2; server = 192.168.3.1

    I couldn't ping the RUT955 LAN, so I added a Client Specific Override to access the LAN network of the RUT955.

    After adding the CSO, I managed to ping the LAN of the RUT955. However, when I do a ping to the client tunnel 192.168.3.2, the ping fails. 192.168.3.1 works just fine.

    I went to see the status and logs of the gateway, and I get the following result.

    5.PNG
    6.PNG

    So how is it possible that the traffic goes through to the LAN of the RUT955 but the gateway is offline? Are there any solutions for this?

    Thanks!

    • R
      Rico LAYER 8 Rebel Alliance
      last edited by Apr 11, 2020, 3:54 PM

      Hard to say with only a few pieces of information. Post your OpenVPN config and firewall rules (screenshots).

      -Rico

      • T
        TrippleDke
        last edited by Apr 11, 2020, 4:12 PM

        Configuration of OpenVPN-server:

        Bijlage 2.PNG
        Bijlage 3.PNG
        Bijlage 4.PNG
        bijlage 5.PNG
        Bijlage 6.PNG

        Firewall rules:

        test.PNG

        • D
          Derelict LAYER 8 Netgate
          last edited by Apr 11, 2020, 4:45 PM

          @TrippleDke said in Gateway offline after adding Client Specific Overrides for OpenVPN:

          RUT955 IP = 192.168.2.1 with behind it a PC with IP 192.168.2.20

          Assuming /24 netmasks there, which were left unspecified, that doesn't indicate that it is a router. That indicates it is a bridge.

          If this is a peer-to-peer network for just one peer, just change the tunnel network to a /30 and stop worrying about CSOs.

          Not exactly sure what you are trying to accomplish there. You might need to draw an actual diagram.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • T
            TrippleDke
            last edited by Apr 11, 2020, 4:58 PM

            Yes, the netmasks are all /24. For now it is 1 peer for testing, but in the future I would like to have the possibility to add more clients. The following is what I'm trying to accomplish:

            test.png

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.