    Override local OpenVPN while connecting to remote site

    OpenVPN
    g3ck0 wrote:

      Hi,

      I have two independent, yet similarly configured, pfSense sites.

      Let's say:

      • Site-A

      and

      • Site-B

      Hint: I do NOT intend to connect those sites with a Site-to-Site-VPN.

      Furthermore, I would like to connect to each site from "outside" with OpenVPN on-demand.

      Each site is configured fine for this, except one use case:

      If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

      Connecting from mobile data (smartphone) or a third-party, non-pfSense local net does not bring up this issue.

      I guess this might have to do with the similarly configured local nets of both sites that I mentioned.

      Is there a "quick fix" for this?

      Thanks in advance

      Marco

      viragomann (replying to g3ck0) wrote:

        @g3ck0
        Ensure that your client config files include:

        ```
        lport 0
        ```
        
        g3ck0 (replying to viragomann) wrote:

          @viragomann thanks for your immediate answer.

          I'll check this out and let you know if this already did the trick ;)

          g3ck0 wrote:

            Hmm, I double-checked this (see attached screenshot: Screenshot_20210521-143309.png)

            ...and lport 0 was definitely already set.

            The issue still remains.

            Any further suggestions? :)

            viragomann (replying to g3ck0) wrote:

              @g3ck0 said in Override local OpenVPN while connecting to remote site:

              > If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

              To get it correctly, you're talking about establishing two connections from a single device (mobile) within your network or from pfSense?

              g3ck0 wrote:

                @viragomann Hi,

                Well, if I use mobile data from my smartphone it works without any issues, and therefore, this is not local but a third party net.

                The issue only occurs if I'm connected via wifi with my smartphone / MacBook / whatever locally within one of those two sites (as a client of the pfSense).

                viragomann (replying to g3ck0) wrote:

                  @g3ck0
                  Some special outbound NAT settings on pfSense like "static port"?

                  g3ck0 (replying to viragomann) wrote:

                    @viragomann I have not touched the outbound NAT settings since the installation, so these settings seem to be factory-default.

                    g3ck0 (replying to g3ck0) wrote:

                      @g3ck0 May I mention that, as I said, the two sites are similarly configured, so on BOTH sites the LAN and the OPT1 EACH have the same local IP address range? Could this be an issue?

                      viragomann (replying to g3ck0) wrote:

                        @g3ck0
                        Yes, this will prevent the second VPN from adding the route on the client when establishing the second VPN, and the connection might fail. But that should be the case as well when connecting over a third-party network. So it's not clear to me why this only happens in your local network.

                        Possibly sniffing the traffic on pfSense can shed some light.

                        g3ck0 wrote (edited by g3ck0):

                          I finally solved it.

                          The LAN subnet on both sites must not be identical.

                          After changing the LAN subnet on one of the two sites (so they differ) it works like a charm.

                          Further reading:

                          https://blog.matrixpost.net/pfsense-site-to-site-ipsec-vpn-same-subnet-on-each-site/

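The conflict viragomann explains above (identical LAN and OPT1 ranges on both sites stop the client from adding the remote site's route) and the final fix (renumber one site's LAN so the prefixes differ) can be checked before touching a tunnel. The script below is an added example for this thread, not pfSense's or OpenVPN's own code: it parses the `server` and `push "route ..."` directives that a pfSense OpenVPN server hands to clients, compares them with the client's directly connected networks, and reports every overlap. All addresses in it are constructed sample values; the thread gives no concrete ranges.

```python
import re
from ipaddress import ip_interface, ip_network

# Constructed sample, not from the thread: server-side OpenVPN directives as
# pfSense generates them from the tunnel network and "IPv4 Local network(s)".
REMOTE_SERVER_CONF = """
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
"""

# Constructed sample: the client's interface addresses while on the other
# site's wifi, whose LAN and OPT1 use the same ranges as the remote site.
CLIENT_INTERFACES = ["192.168.1.57/24", "192.168.2.20/24"]

SERVER_RE = re.compile(r'^server\s+(\S+)\s+(\S+)')
PUSH_ROUTE_RE = re.compile(r'^push\s+"route\s+(\S+)\s+(\S+)"')


def parse_remote_networks(conf_text):
    """Return the prefixes the client would route through the tunnel:
    the tunnel network itself plus every pushed 'route <net> <mask>'."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = SERVER_RE.match(line) or PUSH_ROUTE_RE.match(line)
        if m:
            net, mask = m.group(1), m.group(2)
            # ipaddress accepts dotted-quad masks, so "net/mask" parses directly
            nets.append(ip_network(f"{net}/{mask}", strict=False))
    return nets


def find_overlaps(client_ifaces, remote_nets):
    """Pair each directly connected client network with any remote prefix it
    overlaps. A hit means the client already holds a connected route for that
    prefix, so the pushed route either fails to install or does not win, and
    packets meant for the remote LAN stay on the local LAN."""
    conflicts = []
    for iface in client_ifaces:
        local_net = ip_interface(iface).network
        for remote in remote_nets:
            if local_net.overlaps(remote):
                conflicts.append((str(local_net), str(remote)))
    return conflicts


if __name__ == "__main__":
    remote = parse_remote_networks(REMOTE_SERVER_CONF)
    hits = find_overlaps(CLIENT_INTERFACES, remote)
    if hits:
        for local, pushed in hits:
            print(f"conflict: local {local} overlaps pushed {pushed}")
        print("renumber one site's LAN/OPT1 so the prefixes differ")
    else:
        print("no overlap between local networks and remote routes")
```

Run as-is it reports two conflicts; set CLIENT_INTERFACES to the renumbered site's ranges (for example 192.168.50.0/24) and the check comes back clean. The comparison is prefix-based rather than exact, so a local /24 that sits inside a pushed /16 is also flagged, which is the same routing problem in a less obvious form.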