Netgate Discussion Forum

Extra routing options for OpenVPN clients

Routing and Multi WAN
5 Posts 2 Posters 817 Views
  • M
    morgenstern
    last edited by morgenstern Mar 2, 2023, 10:15 AM Mar 2, 2023, 9:22 AM

    So I have this affiliate business remote office with a pfsense router (172.16.69.0/24) that's connected to my HQ (10.3.0.0/24) via an OpenVPN site2site link. This provides the remote office with connectivity to the Avaya telephony control unit among other things.

    Now I have a remote worker associated with that remote office currently working from home and using an .ovpn key generated by their pfsense box. It connects fine but his PC cannot see the VoIP network in our HQ. What do I need to do to enable this? I tried manually adding a static route to his PC but it did not do anything.

    Am I right in thinking I need to tell the remote office pfsense to make its own VPN clients aware of the HQ's VoIP network? And if yes, how do I go about it?

    I have added the HQ VoIP network (10.3.0.0/24) to the "local networks" option on the OpenVPN server of the remote office pfsense box.

    Also added an option to: push "route 10.3.0.0 255.255.255.0";

    • V
      viragomann @morgenstern
      last edited by Mar 2, 2023, 10:29 AM

      @morgenstern

      Don't add static routes for OpenVPN connections!

      I have added the HQ VoIP network (10.3.0.0/24) to the "local networks" option on the OpenVPN server of the remote office pfsense box.

      This is fine.
      But remove this, since it does the same:

      Also added an option to: push "route 10.3.0.0 255.255.255.0";

      Additionally you need to add the access server tunnel network (remote office) in the HQ OpenVPN settings to the "Remote Networks" to add a route to the road warrior client pointing to the remote site.

      • M
        morgenstern @viragomann
        last edited by Mar 2, 2023, 10:45 AM

        @viragomann

        Sooo, remove the route from the local networks bit and keep the push route option?

        @viragomann said in Extra routing options for OpenVPN clients:

        Additionally you need to add the access server tunnel network (remote office) in the HQ OpenVPN settings to the "Remote Networks" to add a route to the road warrior client pointing to the remote site.

        On the HQ OVPN site2site server side config, add the address of the tunnel network between the remote office and the road warrior's PC?

        • V
          viragomann @morgenstern
          last edited by Mar 2, 2023, 10:58 AM

          @morgenstern said in Extra routing options for OpenVPN clients:

          Sooo, remove the route from the local networks bit and keep the push route option?

          In a site-to-site OpenVPN there is no need to push routes. You can simply state the remote networks in the "Remote Networks" box on both endpoints.
          Even pushing routes to the client would be possible.

          On the HQ OVPN site2site server side config, add the address of the tunnel network between the remote office and the road warrior's PC?

          Exactly. When the road warrior client accesses the HQ, it uses its interface IP, on which the traffic is passed out. So this is the OpenVPN VIP.
          So the HQ sees this VIP. To set the route for this to direct responses back to the branch you need to add the tunnel in the OpenVPN settings.

          • M
            morgenstern @viragomann
            last edited by Mar 2, 2023, 1:30 PM

            @viragomann

            Ha, that worked!

            I also had to adjust the OpenVPN fw rule to allow the VoIP traffic from the road warrior tunnel network to pass through the HQ to Remote office tunnel.

            Wonderful! Thank you muchly sir!

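Added example (not part of the thread and not written by either poster): a small path simulation of the fix discussed above, showing why the request reaches HQ but the reply is lost until HQ has a route for the road warrior tunnel network, and why the firewall rule is also needed. The road warrior tunnel network `10.0.8.0/24`, the host addresses and all function names are assumptions made for illustration; only `10.3.0.0/24` and `172.16.69.0/24` come from the thread.

```python
import ipaddress

HQ_LAN = "10.3.0.0/24"          # from the thread
OFFICE_LAN = "172.16.69.0/24"   # from the thread
RW_TUNNEL = "10.0.8.0/24"       # assumed road-warrior tunnel network
PHONE_SYSTEM = "10.3.0.10"      # constructed host on the HQ VoIP network
CLIENT_VIP = "10.0.8.2"         # constructed tunnel address of the remote worker

def build_tables(hq_has_rw_route):
    """Per-node routes: network -> next hop ('local' means delivered here)."""
    tables = {
        "client": {HQ_LAN: "office", OFFICE_LAN: "office", RW_TUNNEL: "local"},
        "office": {HQ_LAN: "hq", OFFICE_LAN: "local", RW_TUNNEL: "client"},
        "hq": {HQ_LAN: "local", OFFICE_LAN: "office"},
    }
    if hq_has_rw_route:  # RW_TUNNEL listed under "Remote Networks" at HQ
        tables["hq"][RW_TUNNEL] = "office"
    return tables

def trace(tables, start, dst):
    """Follow longest-prefix-match next hops; return (path, delivered)."""
    addr, node, path = ipaddress.ip_address(dst), start, [start]
    while len(path) <= len(tables):
        matches = [(ipaddress.ip_network(net), hop)
                   for net, hop in tables[node].items()
                   if addr in ipaddress.ip_network(net)]
        if not matches:
            # No tunnel route: the packet would follow the default route instead.
            return path, False
        hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        if hop == "local":
            return path, True
        node = hop
        path.append(node)
    return path, False  # routing loop

def voip_reachable(hq_has_rw_route, hq_fw_allows_rw_tunnel):
    """True only if request, firewall check and reply all succeed."""
    tables = build_tables(hq_has_rw_route)
    _, request_ok = trace(tables, "client", PHONE_SYSTEM)
    # HQ sees the client's tunnel address as source, so the rule must allow it.
    if not (request_ok and hq_fw_allows_rw_tunnel):
        return False
    _, reply_ok = trace(tables, "hq", CLIENT_VIP)
    return reply_ok

if __name__ == "__main__":
    for route, rule in [(False, False), (True, False), (True, True)]:
        print(f"HQ route={route} fw rule={rule} ->", voip_reachable(route, rule))
```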
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.