Netgate Discussion Forum

    Can't connect to servers with internal and external IP via OpenVPN

      yellowphoenix18

      Hello there,
      I'm new to the forum and want to say sorry if this post is maybe in the wrong forum/category.

      I currently came across a very strange behaviour:

      We have an internal subnet 10.1.16.0/24, which can be accessed by the VPN running the network 10.1.20.0/24.

      In that subnet we have multiple servers, which all run on Debian. All those servers can be accessed fine.

      Now we needed an internal + external IP address for one server and added those via two interfaces (internal IP is on ens19 and external on ens18). After adding the public address, the server is not accessible via the OpenVPN on its internal IP anymore. But the pfSense can still ping the server on its internal IP. Accessing the server via its external IP also works fine from the client (probably because it is not using the OpenVPN). Also, accessing the server from another server in the internal network has worked fine.

      So as far as I can see it seems to be an issue with the OpenVPN. But I have no clue what can cause it. The pfSense has also access to the internet via a public address, so just sending aside from the OpenVPN at the client should not cause that issue.

      Hope anyone has some ideas.

      Kind regards,
      Sebastian

        johnpoz LAYER 8 Global Moderator @yellowphoenix18

        @yellowphoenix18 Off the top, which interface has the default gateway?

        You would need to tell this server to talk to whatever networks are going to talk to it via its internal interface to talk back via this interface's gateway.

        This would be a simple route on your dual-homed box saying: hey, want to talk to an internal RFC 1918 address, use the internal interface's gateway.

        It's not an OpenVPN issue, it's an issue with the box you're talking to, which is multihomed - if he sends traffic out his public interface in answer to some non-local IP, that's not going to get back through your VPN tunnel back to your client.

        The other solution would be to source NAT traffic coming through your VPN so it looks like it's coming from the pfSense IP on that internal network. But that is not as clean a solution, since that server won't actually see the true source IP, and will think all traffic is coming from the pfSense IP.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
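
The routing behaviour described in the reply above, as an added example that is not part of the original posts: a longest-prefix-match lookup over the server's routing table before and after the static route, showing why pfSense and internal hosts got answers while OpenVPN clients did not. The pfSense internal address 10.1.16.1, the 203.0.113.0/24 public subnet and its gateway, and the individual host addresses are assumptions, not values from the thread.

```python
import ipaddress

# From the thread: internal subnet 10.1.16.0/24 on ens19, OpenVPN tunnel network
# 10.1.20.0/24, public interface ens18. Assumed (not in the thread): pfSense
# internal IP 10.1.16.1, public subnet 203.0.113.0/24, gateway 203.0.113.1.
BEFORE = [  # (destination, gateway or None if on-link, interface)
    ("0.0.0.0/0", "203.0.113.1", "ens18"),
    ("203.0.113.0/24", None, "ens18"),
    ("10.1.16.0/24", None, "ens19"),
]
# Equivalent on the Debian host: ip route add 10.1.20.0/24 via 10.1.16.1 dev ens19
AFTER = BEFORE + [("10.1.20.0/24", "10.1.16.1", "ens19")]


def lookup(table, dst):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in table
               if addr in ipaddress.ip_network(n)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
    return dev, gw


def reply_is_symmetric(table, client_ip, arrived_on):
    """True if the reply to client_ip leaves on the interface the request used."""
    return lookup(table, client_ip)[0] == arrived_on


if __name__ == "__main__":
    peers = {"pfSense internal IP": "10.1.16.1",
             "other internal server": "10.1.16.20",
             "OpenVPN client": "10.1.20.6"}
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for name, ip in peers.items():
            dev, gw = lookup(table, ip)
            ok = reply_is_symmetric(table, ip, "ens19")
            print(f"{label:6} {name:22} {ip:11} reply via {dev} "
                  f"({gw or 'on-link'}) symmetric={ok}")
```

Before the route is added, only the OpenVPN client row is asymmetric: its reply matches nothing but the default route and leaves ens18 toward the public gateway, so it never re-enters the tunnel.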

          yellowphoenix18 @johnpoz

          @johnpoz Yeah, you're right. I totally messed up the point that it will take a default gateway and haven't thought about that point. But now it makes sense. It works now, so the thread can be closed. I'm really sorry for messing those things up here.

            johnpoz LAYER 8 Global Moderator @yellowphoenix18

            @yellowphoenix18 No reason to delete - it's a valid sort of question that others might have.

            Glad you got it sorted.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.