Opnevpn cliente e site to site
-
hi everyone I have a problem, I have a pfsense 2.5.2 server with OpenVpn Server configured on this network there are 2 external servers, not on site, connected via OpenVpn Site to Site. when I connect from the outside with an opnvpn client I can see the servers on site but I can't see those NOT on site. but if I ping the external server from the onsite server, the ping is ok
can you help me? summarize a small scheme.Pfsense - 192.168.2.252 (openvpn server tunnel 192.168.222.x)
Internal server - 192.168.2.250
External server - 192.168.111.250 (remote pfsense 192.168.111.252)
Vpn site to site (tunnel 10.0.7.x)if I connect via TeamViewer on server 192.168.2.250 I can ping server 192.168.111.250
if I connect via VPN client the server 192.168.111.250 I cannot ping it I only ping the network 192.168.2.x
do you have any ideas?
thx
-
@miami71it
You have to add the proper routes on the VPN client and the remote site.To do this, go into the OpenVPN access server settings and add the remote network 192.168.111.0/24 into the "IPv4 Local Networks" box (guess it's a /24 mask, but if you only the one server you can also enter 192.168.111.250/32 instead).
This setting pushes the route to the clients.At the remote site (192.168.111.252) go into the OpenVPN site-to-site settings and add the access servers tunnel network 192.168.222.0/24 to the "IPv4 Remote Networks". This is necessary for responding to the clients.
-
@viragomann hello but there are already these tunnels
on the pfsense server 192.168.2.252 (where you connect with the client) there is the tunnel 192.168.222.0/24 and then there is the local network 192.168.2.0/24 which is the local network of the pfsense if I put that remote then the local no longer works
remotely there is another server which is 192.168.3.250 and it works fine, and the configuration is the samethe strange thing is that if I pin server 192.168.111.250 from server 192.168.2.250 it works, if instead I connect with opevpn client to site from an external office it doesn't work I only see the 192.168.2.x network and the 192.168.3 network .x but the 192.168.111.x network is not working
-
@miami71it said in Opnevpn cliente e site to site:
on the pfsense server 192.168.2.252 (where you connect with the client) there is the tunnel 192.168.222.0/24 and then there is the local network 192.168.2.0/24 which is the local network of the pfsense if I put that remote then the local no longer works
Nice. But I suggested you to add 192.168.111.0/24.
remotely there is another server which is 192.168.3.250 and it works fine, and the configuration is the same
Oh, that's a total new network. You didn't mention above.
the strange thing is that if I pin server 192.168.111.250 from server 192.168.2.250 it works, if instead I connect with opevpn client to site from an external office it doesn't work
This seems not strange to me, this let me assume that you're missing routes. And therefor I requested you to do some additional settings.
-
@viragomann where do you tell me to add 192.168.111.250/32 there is currently written 192.168.2.0/24, can you add both? or a single network?
sorry I didn't write about another remote server as I thought it was not relevant, basically there are two remote networks, one works and one doesn't.
the configurations are identical only obviously the ip address and the tunnel changes
-
@miami71it said in Opnevpn cliente e site to site:
where do you tell me to add 192.168.111.250/32 there is currently written 192.168.2.0/24, can you add both? or a single network?
Yes, the networks have to be in CIDR notation and comma separated. Should look like this line:
192.168.2.0/24,192.168.111.250/32 -
@viragomann .it doesn't work from this error
The following input errors were detected:
The field 'IPv4 Tunnel Network' must contain a single valid ipv4 CIDR range.
-
@miami71it
So what did you try to enter, dude?
The line what I suggested should work at all. -
@viragomann ok I inserted it, I restarted the service but the problem remains I connect to the VPN remotely and the server 192.168.111.250 does not pin it and I do not reach it
other ideas?
-
@miami71it
Okay, for deeper investigation, please post the IPv4 Routing tables of both pfSense (Diagnostics > Routes) and of the client, also the firewall rules of the VPN interfaces and content of Status > Interfaces. -
@viragomann I am attaching a word document with the info yoPFSENSE.zip u requested
-
@miami71it
So at the remote site (192.168.111.252) you're still missing the entries, which I suggested to add above.In the OpenVPN peer-to-peer client the "IPv4 Remote Networks" box has to look like this
192.168.2.0/24,192.168.3.0/24,192.168.222.0/24However, the routing table on 192.168.2.252 look somewhat odd. You should probably reboot the machine.
-
@viragomann perfect now with your directions it works great
I THANK YOU
-
This post is deleted!