VPN to LAN Route issue
-
Hello All,
I have an issue with VPN to LAN connectivity. My pfSense is dialling a VPN to the SIP provider. VPN connectivity is properly established and I am able to ping the given route and gateway from pfSense, but I cannot ping or reach the given route from my LAN.
Given below is my network structure.
LAN
LAN IP Range : 192.168.0.0/24
PfSense FW : 192.168.0.9/24
VPN:
SSL/TLS
Route 1 : 10.191.25.1/32 via 172.23.0.1
Route 2 : 10.191.25.8/29 via 172.23.0.1
Interfaces
WAN1
WAN2
WAN3 : VPN server is reachable from this Interface
LAN
My concern is that my network (192.168.0.0) should be able to communicate with the SIP server (10.191.25.0) and vice versa.
-
@prashant-joshi-0
Is pfSense the default gateway in your LAN? Its IP is untypical for a gateway.
Has the remote site a route to your LAN?
-
- Yes! It's the default gateway for the LAN (I have modified the IP).
- I am not sure about this; I have not defined any rules.
-
@prashant-joshi-0 said in VPN to LAN Route issue:
I am not sure about this; I have not defined any rules.
This has to be done on the remote site, but I doubt that they are willing to do this.
So you have to masquerade the SIP traffic with your OpenVPN IP.
To do so, you have to assign an interface to the OpenVPN client: Interfaces > Assignments.
Select the proper client instance (e.g. ovpnc1) under "available network ports", hit Add, edit the new interface, set a proper name and enable it.
VPN:
Route 1 : 10.191.25.1/32 via 172.23.0.1
Route 2 : 10.191.25.8/29 via 172.23.0.1
If you need to communicate with both, add them to an alias so that you can handle both with a single rule later.
Then go to Firewall > NAT > Outbound and activate the hybrid mode if it is in automatic. Then add a rule like:
interface: the one you've assigned to the VPN client
source: LAN network
destination: network > enter the alias with the remote networks
translation: interface address
-
@viragomann Thanks man! It's started pinging!
Still, my SIP is not getting registered!
One more thing I forgot to mention earlier! While connecting to the SIP provider, they provide an IP address from which they want us to connect to the SIP server, as it is the only IP allowed on their server.
While connecting to the provider using the VPN I get the IP 172.23.18.15, so now the question is: with the steps we have executed above, does my traffic go via this assigned IP or not?
-
@prashant-joshi-0 said in VPN to LAN Route issue:
One more thing I forgot to mention earlier! While connecting to the SIP provider, they provide an IP address from which they want us to connect to the SIP server, as it is the only IP allowed on their server.
So which one? Seems strange to me if they give you a VPN, but require another IP for connecting to the SIP.
-
@viragomann No! No! It's not like that!
I am talking about the IP address while connecting to the SIP provider (I gave it the name SIP Interface). So the thing is, when my PBX dials the SIP server, my public IP should be the SIP Interface IP.
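
One way to confirm that LAN traffic to the two SIP routes really leaves the tunnel with the assigned address 172.23.18.15 is to capture on the OpenVPN client interface and check the source addresses. The script below is an added example, not part of the thread: it assumes `tcpdump -n` text output, and the sample capture lines and the host 192.168.0.50 are constructed.

```python
import ipaddress
import re

# Addresses quoted in the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")
TUNNEL_IP = ipaddress.ip_address("172.23.18.15")
SIP_NETS = [ipaddress.ip_network(n) for n in ("10.191.25.1/32", "10.191.25.8/29")]

# Matches "IP src[.port] > dst[.port]:" as printed by tcpdump -n for IPv4.
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def classify(line):
    """Verdict for one packet headed to the SIP routes, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst = (ipaddress.ip_address(g) for g in m.groups())
    if not any(dst in net for net in SIP_NETS):
        return None                      # replies and unrelated traffic
    if src == TUNNEL_IP:
        return "translated"              # outbound NAT rule matched
    if src in LAN:
        return "untranslated"            # LAN address leaked into the tunnel
    return "unexpected"

def summarize(lines):
    """Count verdicts and collect source IPs that were not translated."""
    counts = {"translated": 0, "untranslated": 0, "unexpected": 0}
    offenders = set()
    for line in lines:
        verdict = classify(line)
        if verdict is None:
            continue
        counts[verdict] += 1
        if verdict != "translated":
            offenders.add(LINE_RE.search(line).group(1))
    return counts, sorted(offenders)

# Constructed sample capture (not real traffic).
SAMPLE = """\
10:15:01.100200 IP 172.23.18.15 > 10.191.25.1: ICMP echo request, id 4211, seq 1, length 64
10:15:01.131900 IP 10.191.25.1 > 172.23.18.15: ICMP echo reply, id 4211, seq 1, length 64
10:15:07.482100 IP 172.23.18.15.5060 > 10.191.25.10.5060: UDP, length 512
10:15:09.020400 IP 192.168.0.50.5060 > 10.191.25.10.5060: UDP, length 512
10:15:11.773000 IP 192.168.0.50.40112 > 198.51.100.7.53: UDP, length 40
"""

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Any "untranslated" hit means a packet from the LAN reached the tunnel without matching the outbound NAT rule, so the provider would see a 192.168.0.x source instead of the allowed address.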