Override local OpenVPN while connecting to remote site

g3ck0 · May 21, 2021, 12:00 PM

Hi,

I have two independent - yet similar configured - pfSense sites.

Let's say:

Site-A

and

Site-B

Hint: I do NOT intend to connect those sites with a Site-to-Site-VPN.

Furthermore, I would like to connect to each site from "outside" with OpenVPN on-demand.

Each site is configured fine for this, except one use case:

If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

Connecting from mobile data (smartphone) or a third-party, non-pfSense local net does not bring up this issue.

I guess this might have to do with the mentioned each similar configured local nets of both sites.

Is there a "quick fix" for this?

Thanks in advance

Marco

viragomann · May 21, 2021, 12:03 PM

@g3ck0
Ensure that your client config files includes:

lport 0

g3ck0 · May 21, 2021, 12:06 PM

@viragomann thanks for your immediate answer.

I'll check this out and let you know if this already did the trick ;)

g3ck0 · May 21, 2021, 12:38 PM

Hmm I double checked this (see attachment) ![alt text](image url )

...and lport 0 was definitely already set.

The issue still remains.

Any further suggestions? :)

viragomann · May 21, 2021, 12:54 PM

@g3ck0 said in Override local OpenVPN while connecting to remote site:

If I'm connected locally within one of both sites and try to establish an OpenVPN-Connection to the other site, I get "stuck" in the local net.

To get it correctly, you're talking about establishing two connections from a single device (mobile) within your network or from pfSense?

g3ck0 · May 21, 2021, 1:03 PM

@viragomann Hi,

Well, if I use mobile data from my smartphone it works without any issues, and therefore, this is not local but a third party net.

The issue only occurs if I'm connected with wifi with my smartphone / Macbook / whatever locally within one of those two sites (as a client of the pfSense)

viragomann · May 21, 2021, 1:03 PM

@g3ck0
Some special outbound NAT settings on pfSense like "static port"?

g3ck0 · May 21, 2021, 1:04 PM

@viragomann I might not have touched the outbound NAT settings since the installation so these settings seem to be factory-default

g3ck0 · May 21, 2021, 1:14 PM

@g3ck0 may I mention, as I said the two sites are similarly configured that on BOTH sites the LAN and the OPT1 have EACH the same local IP address range? Could this be an issue?

viragomann · May 21, 2021, 1:35 PM

@g3ck0
Yes, this will prevent the second to add the route on the client, when establishing the second vpn and the connection might fail. But that should be the case as well, when connecting over a third party network. So it's not clear to me, why this only happens in you local network.

Possibly sniffing the traffic on pfSense can shed some light.

g3ck0 · May 24, 2021, 5:44 PM

I finally solved it.

The LAN subnet on both sites must not be identical.

After changing the LAN subnet on one of the two sites (so they differ) it works like a charme.