Static route over OpenVPN VPN

viragomann

@aziz-1 said in Static route over OpenVPN VPN:

The problem is no traffic from LAN1 (server side) to LAN2 (client side) => no ping unless routes are there

I know, but you should start with properly setting up your VPN connection.

If you can access site A from site B, but not the other way round, it's not a routing issue at all.
It would be rather an issue on site A due either not allowing the access by the router or the LAN devices are blocking access from outside of their subnet.

Aziz 1

@jarhead ahhh sorry, I lately restored a config with 192.168.10.0 instead of 192.168.2.0 (those are the same LAN)
The route to 192.168.10.0 is there in the table

Aziz 1

Jarhead

@aziz-1 So you changed it to a site to site?
Change the tunnel address to a /30 ( or even better a /31 ) on both sides.

Aziz 1

@viragomann in both test machines : 1.80 and 10.103 (or 2.103 before) I use Wireshark to detect incoming traffic so that the local windows firewall can't be an issue

viragomann

@aziz-1 said in Static route over OpenVPN VPN:
in both test machines : 1.80 and 10.103 (or 2.103 before) I use Wireshark to detect incoming traffic so that the local windows firewall can't be an issue

Network sniffing with Wireshark or whatever taps the packets in front of the firewall. So seeing the incoming packets says nothing.
Did you also see responses?

Aziz 1

@viragomann I test the ping and the tracert while running wireshark in every test machine so to be sure of having traffic between them
Actually I m in 10.103 remote logged to 1.80
In the other direction : while in 1.80 I can't access 10.1 router GUI nor ping or remote log to 10.103

viragomann

@aziz-1

Yes, I got this already from your first post.

However, any connections have packets flow in both directions. There are request packets and responses. And I was asking if you see both on both sites.

Here you can see both:

16:25:16.281216 IP 10.10.81.11 > 10.10.76.53: ICMP echo request, id 1, seq 5, length 40
16:25:16.281454 IP 10.10.76.53 > 10.10.81.11: ICMP echo reply, id 1, seq 5, length 40
16:25:17.288271 IP 10.10.81.11 > 10.10.76.53: ICMP echo request, id 1, seq 6, length 40
16:25:17.288458 IP 10.10.76.53 > 10.10.81.11: ICMP echo reply, id 1, seq 6, length 40
16:25:18.303884 IP 10.10.81.11 > 10.10.76.53: ICMP echo request, id 1, seq 7, length 40
16:25:18.304076 IP 10.10.76.53 > 10.10.81.11: ICMP echo reply, id 1, seq 7, length 40

Here we see requests only:

16:30:56.995347 IP 10.10.81.11 > 10.10.76.240: ICMP echo request, id 1, seq 17, length 40
16:30:58.000729 IP 10.10.81.11 > 10.10.76.240: ICMP echo request, id 1, seq 18, length 40
16:30:59.004189 IP 10.10.81.11 > 10.10.76.240: ICMP echo request, id 1, seq 19, length 40

In this case the capture was taken on the router and the destination device send its responses to another gateway.

Aziz 1

@viragomann when pinging from LAN2 to LAN1 we got request and responses,
The other way only requests

viragomann

@aziz-1 said in Static route over OpenVPN VPN:

The other way only requests

So that's the point where you should check the firewall on the destination device.

Do you get responses if you ping a LAN2 device from LAN1 pfSense?

To be sure, are both VPN endpoints the default gateway in their local networks?