4 pfsense servers+vpn routing+vpn gui client
Hello. Got one problem.
4 pfSense servers are connected using OpenVPN.
Main server (1), got local network 10.10.100.0/23 | 10.1.5.0/24 tunnel network
Second (10.10.96.0/23) | 10.1.3.0/24 tunnel network
Third (10.10.98.0/23) | 10.1.2.0/24 tunnel network
Fourth (10.10.104.0/23) | 10.1.4.0/24 tunnel network
Routing between them works fine.
While my laptop belongs to one of those networks, I can communicate with every subnet's PCs.
But when I initialize a connection with the OpenVPN GUI client from home, I can see only the local network behind the server I connected to.
The question is, why can't I see the other subnets?
I guess it relates to routing. Please help.
tracert from subnet behind pfsense server
tracert from home PC
Seems like it doesn't know where to send packets.
@rostyslav-didus In your OpenVPN server config, what do you have for Tunnel Settings - IPv4 Local Network(s)?
@rostyslav-didus OK that looks good. It's not every day I see someone using a /23.
What are your firewall rules for the OpenVPN interfaces?
We've got many clients )
This post is deleted!
Maybe the destination devices are blocking access from outside their local networks. This is the default behavior of PC firewalls.
Dammit, clicked Delete by accident...
viragomann had a good suggestion above. Oftentimes a desktop firewall will block traffic from outside its local subnet.
Can you not access anything on any network, or are you just trying Windows systems?
@kom I saw that message )
It is about the VPN config on each server. I'll add this info tomorrow.
I wish it was like this way.
But it is not. Windows Firewall is turned off.
For some reason pfSense allows me to see only the network behind the server I connected to. I'll add the VPN configs of all servers tomorrow.
For some reason pfSense allows me to see only the network behind the server I connected to.
From your first post, I assumed you don't even get this.
So you connect to different servers by vpn and want to access the remote networks in the other locations, which are connected with a site2site?
So consider that you have to populate the route for the access server's tunnel network on the s2s remote sites.
Vpn server settings for users with openvpn gui client.
As you see, I entered all subnets in IPv4 Local Networks.
Should I add the tunnel network subnets here?
Client side+server side for tunnel 1
Client side+server side for tunnel 2
Client side+server side for tunnel 3
When I connect via the OpenVPN GUI and try the tracert command to 10.10.104.2 (Windows server), I receive a timeout.
If I try to connect to any subnet's server, it works fine when I initialize the connection from one of those subnets (10.10.100.0/23, 10.10.98.0/23, etc.).
You have to add the access server tunnel network 10.1.5.0/24 to the "Remote networks" on all remote sites, so that the branch routers set a route for it pointing to the main.
It works now. Added 10.1.5.0/24 to each "remote networks" configuration.
I appreciate that.
Thanks a lot.
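
The missing return route that was fixed in this thread, modelled as an added example (not written by anyone in the thread and not pfSense code). The subnets and 10.10.104.2 are taken from the posts; the client address 10.1.5.2 and the "before" contents of each branch's "Remote networks" are assumptions, since the screenshots are not on the page.

```python
import ipaddress as ip

ACCESS_TUNNEL = ip.ip_network("10.1.5.0/24")  # tunnel network of the remote-access server (from the thread)
PUSHED = ["10.10.100.0/23", "10.10.96.0/23", "10.10.98.0/23", "10.10.104.0/23"]  # "IPv4 Local Network(s)"

def branches(remote_networks):
    """Constructed model of the three branch routers: LAN plus site-to-site 'Remote networks'."""
    lans = {"second": "10.10.96.0/23", "third": "10.10.98.0/23", "fourth": "10.10.104.0/23"}
    return {name: {"lan": ip.ip_network(lan),
                   "remote": [ip.ip_network(n) for n in remote_networks]}
            for name, lan in lans.items()}

def covers(networks, addr):
    """True if any network in the list contains the address."""
    return any(addr in net for net in networks)

def trace(client, dst, sites):
    """Return 'ok', or the reason a packet exchange client <-> dst fails."""
    client, dst = ip.ip_address(client), ip.ip_address(dst)
    # Forward path: the client only routes into the VPN what the server pushed.
    if not covers([ip.ip_network(n) for n in PUSHED], dst):
        return "no forward route on client"
    for name, site in sites.items():
        if dst in site["lan"]:
            # Return path: the branch needs a route for the client's tunnel address,
            # otherwise the reply leaves via its default gateway and is lost.
            if not covers(site["remote"], client):
                return f"no return route on {name}"
            return "ok"
    return "ok"  # destination is on the main LAN, directly attached to the access server

def missing_return_routes(sites):
    """Names of branches whose 'Remote networks' do not cover the access tunnel network."""
    return sorted(n for n, s in sites.items()
                  if not any(ACCESS_TUNNEL.subnet_of(r) for r in s["remote"]))

before = branches(["10.10.100.0/23"])                # assumed: only the main LAN listed
after = branches(["10.10.100.0/23", "10.1.5.0/24"])  # the fix from the thread

if __name__ == "__main__":
    for label, sites in (("before", before), ("after", after)):
        print(label, trace("10.1.5.2", "10.10.104.2", sites), missing_return_routes(sites))
```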