Netgate Discussion Forum

Routing doesn't work with OpenVPN peer to peer.

  • D
    dimskraft @JeGr
    last edited by Jul 4, 2021, 8:25 AM

    @jegr I didn't create ovpn interfaces, I have specified rules on OpenVPN tab as described here https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html

    • J
      JeGr LAYER 8 Moderator @dimskraft
      last edited by Jul 5, 2021, 11:03 AM

      @dimskraft So you answered one question and ignored all others? ;)

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • M
        marvosa @dimskraft
        last edited by Jul 5, 2021, 9:12 PM

        @dimskraft
        Lots of different variables to look at... do the routes exist, are the firewalls allowing the traffic, are the clients using pfSense as the default gateway, etc.

        Post the server1.conf and client1.conf.

        • C
          chpalmer @marvosa
          last edited by Jul 6, 2021, 12:26 AM

          Anything outside of the subnet of your Windows machines on each end will be treated as a public connection and firewalled off by your local machines.

          Make sure those machines have firewall rules allowing the connection from something outside of their own subnet.

          I have 12 OpenVPN tunnels going from here to remote sites and they all work flawlessly.

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          • D
            dimskraft @JeGr
            last edited by Jul 6, 2021, 1:38 PM

            @jegr was just not ready yet...

            1. firewall rules look ok according to manual (allowing all incoming from vpn on vpn tab)
            2. routes look correct as far as I can judge

            Machine 1:

            a628920c-7306-43fb-abfc-402116069eba-image.png

            Machine 2:

            6667e16e-bf53-42df-9869-81419e357fd9-image.png

            3. can't ping in both directions

            On machine 1 I can ping 192.168.27.1 (itself) but can't ping 192.168.27.2 while on machine 2 I can ping 192.168.27.2 (itself), but can't ping 192.168.27.1

            4,5) can't

            Packet capture sees nothing

            For example if I do

            tcpdump -i ovpns4 icmp

            on machine 1, and do any ping of 192.168.27.1, including successful pings on LAN 1 side, it shows nothing

            • V
              viragomann @dimskraft
              last edited by Jul 6, 2021, 4:16 PM

              @dimskraft said in Routing doesn't work with OpenVPN peer to peer.:

              firewall rules look ok according to manual (allowing all incoming from vpn on vpn tab)

              Would be better to post a screenshot here, so that others can get a view on it.

              Did you set also the protocol to any in the rule?

              • D
                dimskraft @viragomann
                last edited by Jul 8, 2021, 10:11 AM

                @viragomann apparently yes

                on machine 1

                ca37cef5-3358-4703-910c-fcc2132820a4-image.png

                on machine 2

                311946a5-084e-47f7-91b3-9b59de0a05e2-image.png

                • D
                  dimskraft @chpalmer
                  last edited by Jul 8, 2021, 10:14 AM

                  @chpalmer I know about this thing but I am not using Windows machines yet, I am trying to ping between pfsenses or between Linux machines in connected LANs.

                  Do they have the same option?

                  Maybe I should use the same subnet in both connected LANs?

                  • D
                    dimskraft
                    last edited by Jul 8, 2021, 10:21 AM

                    Apparently routes are computing correctly

                    On machine 1 to machine 2:

                    : route get 192.168.33.246
                       route to: 192.168.33.246
                    destination: 192.168.33.0
                           mask: 255.255.255.0
                        gateway: 192.168.27.2
                            fib: 0
                      interface: ovpns4
                          flags: <UP,GATEWAY,DONE,STATIC>
                     recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
                           0         0         0         0      1500         1         0
                    

                    On machine 2

                    : route get 192.168.10.25
                       route to: 192.168.10.25
                    destination: 192.168.10.0
                           mask: 255.255.255.0
                        gateway: 192.168.27.1
                            fib: 0
                      interface: ovpnc1
                          flags: <UP,GATEWAY,DONE,STATIC>
                     recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
                           0         0         0         0      1500         1         0 
                    
                    • D
                      dimskraft
                      last edited by Jul 8, 2021, 10:26 AM

                      My machine 1 is multi-WAN and it has a firewall rule for LAN assigned to a gateway group, not everything. Maybe this is affecting it?

                      • D
                        dimskraft
                        last edited by Jul 8, 2021, 10:52 AM

                        It was a compression issue.

                        I understood it when looking at the server OpenVPN logs and seeing the error

                        IP packet with unknown IP version=15 seen
                        

                        Some compression was turned ON on client side but any compression was disabled on server side. I was sure this misconfig would be detected automatically.

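The mismatch found at the end of the thread can be checked for directly. The following is an added example, not part of the original posts: it compares the compression directives in a server and a client config, scans a log for the error quoted above, and shows why the reported version is 15. The config and log samples are constructed, the 0xFA "not compressed" framing byte is taken from OpenVPN's compression framing as an assumption, and options pushed by the server are not evaluated.

```python
import re

COMP_DIRECTIVES = ("comp-lzo", "compress")
SYMPTOM = re.compile(r"IP packet with unknown IP version=(\d+) seen")
NO_COMPRESS_BYTE = 0xFA  # assumed: OpenVPN's "not compressed" framing byte

def compression_directive(conf_text):
    """Return the last compression directive in a config, or None."""
    found = None
    for raw in conf_text.splitlines():
        # Drop '#' and ';' comments, then tokenize the directive.
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if words and words[0] in COMP_DIRECTIVES:
            found = " ".join(words)
    return found

def compare(server_conf, client_conf):
    """'ok', 'mismatch' (framing on one side only) or 'review'."""
    s = compression_directive(server_conf)
    c = compression_directive(client_conf)
    if s == c:
        return "ok"
    if s is None or c is None:
        return "mismatch"  # the case reported in the thread
    return "review"  # both set but different; compatibility not judged here

def symptom_versions(log_text):
    """IP version numbers taken from 'unknown IP version' log lines."""
    return [int(m.group(1)) for m in SYMPTOM.finditer(log_text)]

def ip_version(packet):
    """What the receiver reads as the IP version: high nibble of byte 0."""
    return packet[0] >> 4

# Constructed samples (not the poster's real server1.conf / client1.conf).
SERVER1_CONF = "dev ovpns4\nproto udp4\n# compression disabled\n"
CLIENT1_CONF = "dev ovpnc1\nproto udp4\ncomp-lzo no\n"
SERVER_LOG = "Jul  8 10:50:01 openvpn[1234]: IP packet with unknown IP version=15 seen\n"
IPV4_START = bytes.fromhex("4500001c")           # first bytes of an IPv4 header
FRAMED = bytes([NO_COMPRESS_BYTE]) + IPV4_START  # same packet with framing byte

if __name__ == "__main__":
    print(compare(SERVER1_CONF, CLIENT1_CONF))        # config check
    print(symptom_versions(SERVER_LOG))               # log check
    print(ip_version(IPV4_START), ip_version(FRAMED))
```

Note that `comp-lzo no` still counts as a directive here: it turns compression off but keeps the one-byte framing, so a peer with no compression directive at all reads that byte as the start of the IP header.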