Complex OpenVPN Routing Question
Hi everyone! I'd like to ask the hive mind for some guidance on correctly setting up an OpenVPN client/server while routing all traffic through an obfuscator to help avoid IDS. I've already figured out the obfuscator and pluggable transport (shapeshifter-dispatcher), but I'm having trouble getting pfSense to remain connected as traffic doesn't seem to want to flow through the tunnel. pfSense boxes sit at both sides of the bridge and are running the latest stable build. Here's what I'm trying to accomplish:
Server/Host (OpenVPN) -> Obfuscation Proxy (Running on the host) -> Internet -> Obfuscation Proxy (Running on remote site) -> Client/Remote Site (OpenVPN)
and here are the IPs associated with each hop:
Server/Host (10.0.32.0/24) -> 127.0.0.1:61932 -> External-Facing Listening Service (0.0.0.0:2222) -> 127.0.0.1:62317 -> Client (192.168.100.0/24)
I've confirmed that the proxy is functioning as intended and the connection remains stable when used for things other than OpenVPN.
I'm only able to ping from client to server for a few seconds after the connection is established. Disabling pushing routes on the client seems to keep the VPN connection alive a bit longer, but it eventually drops due to inactivity after about a minute:
Mar 11 00:59:22 openvpn 93199 openvpn server 'ovpns3' user 'thecloudbridge' address '127.0.0.1' - disconnected
Mar 11 00:59:22 openvpn 598 thecloudbridge/127.0.0.1:53146 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mar 11 00:59:22 openvpn 598 thecloudbridge/127.0.0.1:53146 [thecloudbridge] Inactivity timeout (--ping-restart), restarting
Mar 11 00:59:16 openvpn 598 MANAGEMENT: Client disconnected
Mar 11 00:59:16 openvpn 598 MANAGEMENT: CMD 'quit'
Mar 11 00:59:16 openvpn 598 MANAGEMENT: CMD 'status 2'
Mar 11 00:59:16 openvpn 598 MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 11 00:58:12 openvpn 598 MANAGEMENT: Client disconnected
Mar 11 00:58:12 openvpn 598 MANAGEMENT: CMD 'quit'
Mar 11 00:58:12 openvpn 598 MANAGEMENT: CMD 'status 2'
Mar 11 00:58:12 openvpn 598 MANAGEMENT: Client connected from /var/etc/openvpn/server3/sock
Mar 11 00:57:45 openvpn 3505 openvpn server 'ovpns3' user 'thecloudbridge' address '127.0.0.1' - disconnected
Mar 11 00:57:45 openvpn 598 thecloudbridge/127.0.0.1:19401 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mar 11 00:57:45 openvpn 598 thecloudbridge/127.0.0.1:19401 [thecloudbridge] Inactivity timeout (--ping-restart), restarting
Mar 11 00:57:13 openvpn 598 thecloudbridge/127.0.0.1:53146 PUSH: Received control message: 'PUSH_REQUEST'
At this point, I'm confident the issue is somewhere in the way routing is handled by OpenVPN, but I'm at wit's end. Can anyone with a bit more experience lend me a hand?
Thanks!
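An added example, not part of the post: a small Python parser for the pfSense OpenVPN server log lines pasted above. It groups events by client instance (user plus peer address:port), reports how many seconds each instance lived before the server's --ping-restart inactivity timer fired, and counts ping-restarts per user, which is the quickest way to see whether keepalives are reaching the server at all. The embedded log is copied from the post; the log carries no year, so strptime's default year is used.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log excerpt as pasted in the post (pfSense lists newest entries first).
LOG = """\
Mar 11 00:59:22 openvpn 598 thecloudbridge/127.0.0.1:53146 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mar 11 00:59:22 openvpn 598 thecloudbridge/127.0.0.1:53146 [thecloudbridge] Inactivity timeout (--ping-restart), restarting
Mar 11 00:59:16 openvpn 598 MANAGEMENT: CMD 'status 2'
Mar 11 00:57:45 openvpn 598 thecloudbridge/127.0.0.1:19401 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mar 11 00:57:45 openvpn 598 thecloudbridge/127.0.0.1:19401 [thecloudbridge] Inactivity timeout (--ping-restart), restarting
Mar 11 00:57:13 openvpn 598 thecloudbridge/127.0.0.1:53146 PUSH: Received control message: 'PUSH_REQUEST'
"""

# Only per-client-instance lines carry "user/ip:port"; MANAGEMENT lines do not match.
LINE_RE = re.compile(
    r"^(\w{3} \d{1,2} \d\d:\d\d:\d\d) openvpn \d+ "
    r"([^\s/]+)/(\d+\.\d+\.\d+\.\d+:\d+) (.*)$"
)

def parse(text):
    """Return (timestamp, user, peer, message) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    events.sort()
    return events

def ping_restart_report(text):
    """Seconds from each client instance's first logged event to its inactivity timeout."""
    sessions = defaultdict(dict)
    for ts, user, peer, msg in parse(text):
        s = sessions[(user, peer)]
        s.setdefault("first", ts)
        if "Inactivity timeout (--ping-restart)" in msg:
            s["timeout"] = ts
    return {key: int((s["timeout"] - s["first"]).total_seconds())
            for key, s in sessions.items() if "timeout" in s}

def restart_count(text):
    """Number of SIGUSR1 ping-restart events per user; a rising count means a flapping tunnel."""
    counts = defaultdict(int)
    for _, user, _, msg in parse(text):
        if "SIGUSR1[soft,ping-restart]" in msg:
            counts[user] += 1
    return dict(counts)
```

An instance whose only logged event is the timeout itself (here 127.0.0.1:19401) reports 0 seconds, meaning the log window did not capture its start.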