Netgate Discussion Forum

Override local OpenVPN while connecting to remote site

  • G
    g3ck0
    last edited by May 21, 2021, 12:00 PM

    Hi,

    I have two independent - yet similarly configured - pfSense sites.

    Let's say:

    • Site-A

    and

    • Site-B

    Hint: I do NOT intend to connect those sites with a Site-to-Site-VPN.

    Furthermore, I would like to connect to each site from "outside" with OpenVPN on-demand.

    Each site is configured fine for this, except one use case:

    If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

    Connecting from mobile data (smartphone) or a third-party, non-pfSense local net does not bring up this issue.

    I guess this might have to do with the mentioned similarly configured local nets of both sites.

    Is there a "quick fix" for this?

    Thanks in advance

    Marco

    • V
      viragomann @g3ck0
      last edited by May 21, 2021, 12:03 PM

      @g3ck0
      Ensure that your client config files include:

      lport 0
      
      • G
        g3ck0 @viragomann
        last edited by May 21, 2021, 12:06 PM

        @viragomann thanks for your immediate answer.

        I'll check this out and let you know if this already did the trick ;)

        • G
          g3ck0
          last edited by May 21, 2021, 12:38 PM

          Hmm I double checked this (see attachment: Screenshot_20210521-143309.png)

          ...and lport 0 was definitely already set.

          The issue still remains.

          Any further suggestions? :)

          • V
            viragomann @g3ck0
            last edited by May 21, 2021, 12:54 PM

            @g3ck0 said in Override local OpenVPN while connecting to remote site:

            If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

            To get it correctly, you're talking about establishing two connections from a single device (mobile) within your network or from pfSense?

            • G
              g3ck0
              last edited by May 21, 2021, 12:59 PM

              @viragomann Hi,

              Well, if I use mobile data from my smartphone it works without any issues, and therefore, this is not local but a third party net.

              The issue only occurs if I'm connected with wifi with my smartphone / Macbook / whatever locally within one of those two sites (as a client of the pfSense)

              • V
                viragomann @g3ck0
                last edited by May 21, 2021, 1:03 PM

                @g3ck0
                Some special outbound NAT settings on pfSense like "static port"?

                • G
                  g3ck0 @viragomann
                  last edited by May 21, 2021, 1:04 PM

                  @viragomann I might not have touched the outbound NAT settings since the installation so these settings seem to be factory-default

                  • G
                    g3ck0 @g3ck0
                    last edited by May 21, 2021, 1:14 PM

                    @g3ck0 may I mention, as I said the two sites are similarly configured that on BOTH sites the LAN and the OPT1 have EACH the same local IP address range? Could this be an issue?

                    • V
                      viragomann @g3ck0
                      last edited by May 21, 2021, 1:35 PM

                      @g3ck0
                      Yes, this will prevent the second to add the route on the client, when establishing the second VPN and the connection might fail. But that should be the case as well, when connecting over a third party network. So it's not clear to me, why this only happens in your local network.

                      Possibly sniffing the traffic on pfSense can shed some light.

                      • G
                        g3ck0
                        last edited by g3ck0 May 24, 2021, 5:44 PM May 24, 2021, 5:43 PM

                        I finally solved it.

                        The LAN subnet on both sites must not be identical.

                        After changing the LAN subnet on one of the two sites (so they differ) it works like a charm.

                        Further reading:

                        https://blog.matrixpost.net/pfsense-site-to-site-ipsec-vpn-same-subnet-on-each-site/
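
The root cause found in this thread (identical LAN/OPT1 ranges at both sites), as an added example that is not part of the original posts: a Python check that reads the routes an OpenVPN server pushes to the client and flags those that collide with the subnets the client is already attached to, then proposes a free range for renumbering one site. The log line, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of an OpenVPN client log line; all addresses are assumptions.
SAMPLE_LOG = ("PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,"
              "route 192.168.20.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,"
              "ifconfig 10.8.0.2 255.255.255.0'")
# Assumed addressing of the site the client is currently sitting in (LAN and OPT1).
LOCAL_NETS = {"LAN": "192.168.1.0/24", "OPT1": "192.168.20.0/24"}

def pushed_routes(log_text):
    """Extract the networks from 'route <net> [mask]' options in PUSH_REPLY messages."""
    routes = []
    for reply in re.finditer(r"PUSH_REPLY,([^'\n]*)", log_text):
        for option in reply.group(1).split(","):
            parts = option.split()
            if len(parts) >= 2 and parts[0] == "route":
                # OpenVPN treats a missing or 'default' netmask as a host route.
                has_mask = len(parts) > 2 and parts[2] != "default"
                mask = parts[2] if has_mask else "255.255.255.255"
                routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return routes

def find_conflicts(local_nets, routes):
    """Return (pushed route, local interface, effect) for every overlap."""
    conflicts = []
    for route in routes:
        for name, cidr in local_nets.items():
            local = ipaddress.ip_network(cidr)
            if not route.overlaps(local):
                continue
            # Longest-prefix match: an equal or more specific connected route keeps
            # that traffic on the local segment, so the remote range is unreachable.
            effect = "shadowed" if local.prefixlen >= route.prefixlen else "captures-local"
            conflicts.append((str(route), name, effect))
    return conflicts

def suggest_subnet(in_use, pool="192.168.0.0/16", prefix=24):
    """First subnet of the pool that overlaps none of the networks already in use."""
    used = [ipaddress.ip_network(str(n)) for n in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

if __name__ == "__main__":
    routes = pushed_routes(SAMPLE_LOG)
    for route, iface, effect in find_conflicts(LOCAL_NETS, routes):
        print(f"pushed route {route} collides with local {iface}: {effect}")
    print("free range:", suggest_subnet(list(LOCAL_NETS.values()) + routes))
```
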
