Netgate Discussion Forum

    Issue with OpenVPN access back to client

    Category: OpenVPN | 6 posts, 2 posters, 607 views
    KruglerD

      I'm having an issue with OpenVPN; not sure what setting I missed.

      I have a work network on a normal intel PC
      LAN 192.168.0.0/24
      VPN 192.168.70.0/24

      I also have a HyperV at my house connecting to my work network
      Home 192.168.5.0/24
      HyperV 192.168.2.0/24
      VPN 192.168.70.0/24

      I'm using peer to peer (Shared Key), port 1195
      I used this as a guide
      https://www.youtube.com/watch?v=-8xt7LUtYH4&feature=youtu.be

      pfSense states I should not be using routing, but if I leave it alone, the home PC works perfectly but cannot access the home network from work; when I try to change what I think is logical, I end up not being able to communicate anywhere.

      From home, I can ping .70.2, .70.1 and .0.202, .0.200 or any other PC at the work location.

      Now I need something to communicate back to my home. I use tracert and I can ping .70.1, but if I try to make my way farther up the tunnel, it tries to use the WAN to connect to it, showing my public IP, etc. I cannot ping or go any farther on the 0.0/24 network past the local tunnel address of .70.1.

      Any help would be appreciated, thanks in advance.

    viragomann

        Post your OpenVPN settings from both server and client.

    KruglerD

          Server
          Peer to Peer (Shared Key)
          UDP on IPv4 Only
          tun - Layer 3 Tunnel Mode
          WAN
          1195
          UsernameVPN
          use default direction
          -Shared Key-
          AES-256-CBC (256 bit key, 128 bit block)
          Enable Negotiable Cryptographic Parameters
          AES-256-CBC
          SHA256 (256-bit)
          BSD Cryptodev Engine
          192.168.70.0/24
          ipv6 - blank
          192.168.2.0/24
          ipv6-blank
          25
          disable compression
          TOS disabled
          ping inactive - 0
          ping method - Keepalive
          interval - 10
          Timeout - 60
          Custom Options - Blank
          UDP Fast I/O Disabled
          Exit Notify - Disabled
          Send/Receive Buffer - Default
          Gateway Creation - Both
          Verbosity Level - Default
          -Firewall/Rules/OpenVPN-
          States 17/272 MiB | Protocol IPv4 * | Source * | Port * | Destination * | Port * | Gateway * | Queue none | Schedule -

          Client (home)
          Peer to Peer (Shared Key)
          UDP on IPv4 Only
          tun - Layer 3
          WAN
          Local port - Blank
          Server - FQDN of office domain
          1195
          Proxy host - blank
          proxy port - blank
          proxy auth - none
          Description - Company VPN
          TLS - Default
          Peer Certificate - None
          -Shared Key-
          AES-256-CBC (256 bit Key, 128 bit block)
          Enable Negotiable Cryptographic Parameters
          AES-256-CBC
          SHA256 (256-bit)
          No Hardware Crypto (Hyper-V Disabled)
          192.168.70.0/24
          ipv6 - blank
          192.168.0.0/24
          ipv6-blank
          Limit Outgoing bandwidth - blank
          disable compression
          TOS disabled
          Don't add or remove routes - unchecked
          ping inactive - 0
          ping method - Keepalive
          interval - 10
          Timeout - 60
          Custom Options - Blank
          UDP Fast I/O Disabled
          Exit Notify - Disabled
          Send/Receive Buffer - Default
          Gateway Creation - Both
          Verbosity Level - Default
          -Firewall/Rules/OpenVPN-
          States 0/0 B | Protocol IPv4 TCP | Source * | Port * | Destination * | Port * | Gateway * | Queue none | Schedule - | Description -

          And as I am writing this out, I discovered what it was: on the OpenVPN firewall rule, the protocol was set to TCP and not "any". Once I flipped it to "any", it appears all is working.
          TCP is the default, so I didn't catch that all data from the VPN is through UDP and the firewall was not allowing it.

          Hopefully this helps someone else, as TCP is the "default".

    viragomann @KruglerD

            @KruglerD said in Issue with OpenVPN access back to client:

            TCP is default, so I didn't catch that all data from the VPN is through UDP and the firewall was not allowing it.

            UDP is only the OpenVPN tunnel itself. That has nothing to do with packets passing the OpenVPN interface.
            However, pings are ICMP, neither TCP nor UDP, hence it didn't work.

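The two filtering points discussed in the exchange above, modelled as an added example (this is not code from the forum post or from pfSense): the WAN rule admits the encrypted OpenVPN transport on UDP/1195, while the rule on the OpenVPN interface filters the decapsulated traffic, so leaving that rule's protocol at TCP drops ICMP pings and the phone's UDP traffic even though the tunnel itself is up. The same block cross-checks the two peers' tunnel and remote network settings as posted. Addresses and the port follow the thread; the rule-matching model, the sample packets and the helper names (`Rule`, `Packet`, `OvpnPeer`, `verdicts`, `check_site_to_site`) are constructed for illustration.

```python
"""Two filtering points in a pfSense site-to-site OpenVPN setup.

Added example; this is not code from the forum post or from pfSense.
Addresses, the tunnel port and the rule shapes mirror the thread (office LAN
192.168.0.0/24, home Hyper-V LAN 192.168.2.0/24, tunnel 192.168.70.0/24,
UDP/1195). The rule-matching model and the sample packets are constructed
for illustration and cover only the fields the thread touches.
"""
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "*"  # pfSense shows "*" for a wildcard field


@dataclass(frozen=True)
class Rule:
    iface: str               # "WAN" (encrypted transport) or "OpenVPN" (decapsulated traffic)
    proto: str               # "tcp", "udp", "icmp" or ANY
    dst_port: object = ANY   # int, or ANY
    action: str = "pass"


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dst_port: object = None  # None for ICMP, which has no ports


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.iface != pkt.iface:
        return False
    if rule.proto != ANY and rule.proto != pkt.proto:
        return False
    if rule.dst_port != ANY and rule.dst_port != pkt.dst_port:
        return False
    return True


def evaluate(rules: list, pkt: Packet) -> str:
    """pfSense semantics: rules are tried top-down, first match wins, default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "block"


# WAN only needs the tunnel transport; everything carried inside the tunnel is
# filtered again on the OpenVPN interface after decapsulation.
WAN_RULES = [Rule("WAN", "udp", 1195)]

# The rule the poster had (protocol left at the TCP default) versus the fix.
OPENVPN_TCP_ONLY = [Rule("OpenVPN", "tcp")]
OPENVPN_ANY = [Rule("OpenVPN", ANY)]

# Constructed sample traffic as seen on the home (client) pfSense.
SAMPLE_PACKETS = {
    "outer tunnel datagram": Packet("WAN", "udp", "203.0.113.10", "198.51.100.1", 1195),
    "ping to office PC": Packet("OpenVPN", "icmp", "192.168.2.20", "192.168.0.202"),
    "SIP from VoIP phone": Packet("OpenVPN", "udp", "192.168.2.50", "192.168.0.200", 5060),
    "RDP to office PC": Packet("OpenVPN", "tcp", "192.168.2.20", "192.168.0.202", 3389),
}


def verdicts(openvpn_rules: list) -> dict:
    """Return {description: 'pass' | 'block'} for each sample packet."""
    rules = WAN_RULES + openvpn_rules
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}


@dataclass(frozen=True)
class OvpnPeer:
    name: str
    lan: str      # LAN behind this pfSense
    tunnel: str   # "IPv4 Tunnel Network"
    remote: str   # "IPv4 Remote network(s)"


def check_site_to_site(a: OvpnPeer, b: OvpnPeer) -> list:
    """Shared-key P2P: tunnel nets must match and each side's remote must be the other's LAN."""
    problems = []
    if ip_network(a.tunnel) != ip_network(b.tunnel):
        problems.append(f"tunnel networks differ: {a.tunnel} vs {b.tunnel}")
    for near, far in ((a, b), (b, a)):
        if ip_network(near.remote) != ip_network(far.lan):
            problems.append(f"{near.name} remote {near.remote} is not {far.name} LAN {far.lan}")
    return problems


# The two peers exactly as listed in the post.
OFFICE = OvpnPeer("office", "192.168.0.0/24", "192.168.70.0/24", "192.168.2.0/24")
HOME = OvpnPeer("home", "192.168.2.0/24", "192.168.70.0/24", "192.168.0.0/24")


if __name__ == "__main__":
    for label, rules in (("TCP-only OpenVPN rule", OPENVPN_TCP_ONLY), ("any OpenVPN rule", OPENVPN_ANY)):
        print(label)
        for name, verdict in verdicts(rules).items():
            print(f"  {verdict:5s} {name}")
    print("site-to-site check:", check_site_to_site(OFFICE, HOME) or "ok")
```

With the TCP-only rule the outer datagram and the RDP session pass while the ping and the SIP packet are blocked; with protocol "any" everything passes, which is the behaviour the poster observed. The `check_site_to_site` call confirms the posted networks are mirrored correctly, so the remaining fault was the rule, not routing.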
    KruglerD

              Maybe, and maybe that is why my phone would not communicate: it would ping first. But switching from TCP to Any allowed my phone to operate as expected.

    KruglerD

                OK, this has happened several times. What does "Type-of-Service" do? I have had this happen where everything is working just fine, and then all communication drops between the two networks. I go in and toggle off the "Type-Of-Service" on both firewalls and communication is restored.
                I have the TOS on (I'm thinking) so that my VoIP phone on the 2.0 network can utilize traffic shaping on the server on the 0.0 network with higher quality.
                I have not changed anything over the last few days, but just all of a sudden, this was blocked.
                I'm on 2.4.5-RELEASE-p1 on both machines.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.