Netgate Discussion Forum

    OpenVPN client and site to site

      miami71it

      Hi everyone, I have a problem. I have a pfSense 2.5.2 server with an OpenVPN server configured. On this network there are 2 external servers, not on site, connected via OpenVPN site-to-site. When I connect from the outside with an OpenVPN client, I can see the servers on site, but I can't see those NOT on site. But if I ping the external server from the on-site server, the ping is OK.
      Can you help me? I summarize it in a small scheme:

      Pfsense - 192.168.2.252 (openvpn server tunnel 192.168.222.x)
      Internal server - 192.168.2.250
      External server - 192.168.111.250 (remote pfsense 192.168.111.252)
      Vpn site to site (tunnel 10.0.7.x)

      If I connect via TeamViewer to server 192.168.2.250, I can ping server 192.168.111.250.

      If I connect via the VPN client, I cannot ping the server 192.168.111.250; I can only ping the network 192.168.2.x.

      Do you have any ideas?

      Thanks

        viragomann @miami71it

        @miami71it
        You have to add the proper routes on the VPN client and the remote site.

        To do this, go into the OpenVPN access server settings and add the remote network 192.168.111.0/24 into the "IPv4 Local Networks" box (guess it's a /24 mask, but if you only need the one server you can also enter 192.168.111.250/32 instead).
        This setting pushes the route to the clients.

        At the remote site (192.168.111.252) go into the OpenVPN site-to-site settings and add the access server's tunnel network 192.168.222.0/24 to the "IPv4 Remote Networks". This is necessary for responding to the clients.

          miami71it @viragomann

          @viragomann Hello, but these tunnels are already there.

          On the pfSense server 192.168.2.252 (where you connect with the client) there is the tunnel 192.168.222.0/24, and then there is the local network 192.168.2.0/24, which is the local network of the pfSense. If I put that as remote, then the local no longer works.
          Remotely there is another server, which is 192.168.3.250, and it works fine, and the configuration is the same.

          The strange thing is that if I ping server 192.168.111.250 from server 192.168.2.250, it works; if instead I connect with the OpenVPN client-to-site from an external office, it doesn't work. I only see the 192.168.2.x network and the 192.168.3.x network, but the 192.168.111.x network is not working.

            viragomann @miami71it

            @miami71it said in OpenVPN client and site to site:

            > On the pfSense server 192.168.2.252 (where you connect with the client) there is the tunnel 192.168.222.0/24, and then there is the local network 192.168.2.0/24, which is the local network of the pfSense. If I put that as remote, then the local no longer works.

            Nice. But I suggested that you add 192.168.111.0/24.

            > Remotely there is another server, which is 192.168.3.250, and it works fine, and the configuration is the same.

            Oh, that's a totally new network. You didn't mention it above.

            > The strange thing is that if I ping server 192.168.111.250 from server 192.168.2.250, it works; if instead I connect with the OpenVPN client-to-site from an external office, it doesn't work.

            This doesn't seem strange to me; it leads me to assume that you're missing routes. And therefore I asked you to make some additional settings.

              miami71it @viragomann

              @viragomann Where you tell me to add 192.168.111.250/32, there is currently 192.168.2.0/24 written. Can you add both, or only a single network?

              Sorry I didn't write about the other remote server, as I thought it was not relevant. Basically there are two remote networks; one works and one doesn't.

              The configurations are identical; obviously only the IP address and the tunnel change.

                viragomann @miami71it

                @miami71it said in OpenVPN client and site to site:

                > Where you tell me to add 192.168.111.250/32, there is currently 192.168.2.0/24 written. Can you add both, or only a single network?

                Yes, the networks have to be in CIDR notation and comma separated. Should look like this line:

                192.168.2.0/24,192.168.111.250/32
                
                  miami71it @viragomann

                  @viragomann It doesn't work; it gives this error:

                  The following input errors were detected:

                  The field 'IPv4 Tunnel Network' must contain a single valid ipv4 CIDR range.

                    viragomann @miami71it

                    @miami71it
                    So what did you try to enter, dude?
                    The line that I suggested should work.

                      miami71it @viragomann

                      @viragomann OK, I inserted it and restarted the service, but the problem remains: I connect to the VPN remotely and I cannot ping the server 192.168.111.250 or reach it.

                      Any other ideas?

                        viragomann @miami71it

                        @miami71it
                        Okay, for deeper investigation, please post the IPv4 Routing tables of both pfSense (Diagnostics > Routes) and of the client, also the firewall rules of the VPN interfaces and content of Status > Interfaces.

                          miami71it @viragomann

                          @viragomann I am attaching a Word document with the info you requested: PFSENSE.zip

                            viragomann @miami71it

                            @miami71it
                            So at the remote site (192.168.111.252) you're still missing the entries, which I suggested to add above.

                            In the OpenVPN peer-to-peer client the "IPv4 Remote Networks" box has to look like this

                            192.168.2.0/24,192.168.3.0/24,192.168.222.0/24
                            

                            However, the routing table on 192.168.2.252 looks somewhat odd. You should probably reboot the machine.

                              miami71it @viragomann

                              @viragomann Perfect, now with your directions it works great.

                              I THANK YOU
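
The route problem resolved in this thread, as an added example that is not part of any post and is not pfSense or OpenVPN code: a small routing-only model (no firewall rules, no Internet default routes) of the road-warrior client, the main pfSense and the remote pfSense, showing why a ping needs both the pushed route and the return route. The client tunnel address 192.168.222.2 and the starting value of the remote site's "IPv4 Remote Networks" are assumptions; the other networks are the ones named in the thread.

```python
import ipaddress

def nets(csv):  # parse a comma-separated CIDR list as entered in the pfSense boxes
    return [ipaddress.ip_network(n.strip()) for n in csv.split(",") if n.strip()]

def build(local_networks, remote_networks):
    """local_networks: 'IPv4 Local Networks' on the HQ access server (pushed to clients);
    remote_networks: 'IPv4 Remote Networks' on the remote site's peer-to-peer client."""
    return {
        # 192.168.222.2 is a constructed tunnel address for the road-warrior client.
        "client": {"owns": nets("192.168.222.2/32"),
                   "routes": [(n, "hq") for n in nets(local_networks)]},
        "hq": {"owns": nets("192.168.2.0/24"),
               "routes": [(n, "client") for n in nets("192.168.222.0/24")]
                       + [(n, "remote") for n in nets("192.168.111.0/24")]},
        "remote": {"owns": nets("192.168.111.0/24"),
                   "routes": [(n, "hq") for n in nets(remote_networks)]},
    }

def trace(tables, start, dst):
    """Follow longest-prefix matches from start; the list ends in None if dropped."""
    dst = ipaddress.ip_address(dst)
    path, node = [start], start
    while not any(dst in n for n in tables[node]["owns"]):
        matches = [(n.prefixlen, hop) for n, hop in tables[node]["routes"] if dst in n]
        if not matches or len(path) > len(tables):  # no route, or a routing loop
            return path + [None]
        node = max(matches)[1]
        path.append(node)
    return path

def ping(tables, src, src_ip, dst_ip):
    """An echo succeeds only with a route out and a route back for the reply."""
    out = trace(tables, src, dst_ip)
    if out[-1] is None:
        return "request dropped at " + out[-2]
    back = trace(tables, out[-1], src_ip)
    return "ok" if back[-1] is not None else "reply dropped at " + back[-2]

# (HQ 'IPv4 Local Networks', remote 'IPv4 Remote Networks'): start (assumed),
# after the first change only, after both changes.
STAGES = [("192.168.2.0/24", "192.168.2.0/24"),
          ("192.168.2.0/24,192.168.111.250/32", "192.168.2.0/24"),
          ("192.168.2.0/24,192.168.111.250/32",
           "192.168.2.0/24,192.168.3.0/24,192.168.222.0/24")]

if __name__ == "__main__":
    for local, remote in STAGES:
        print(ping(build(local, remote), "client", "192.168.222.2", "192.168.111.250"))
```

The middle stage is the state in which the pushed route was in place but the ping still failed: the echo request arrives at 192.168.111.250, and the reply is dropped because the remote pfSense has no route to 192.168.222.0/24.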

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.