Netgate Discussion Forum

Route to remote gateway connected via OpenVPN

Routing and Multi WAN
    jamesg246
    last edited by Dec 26, 2023, 11:06 AM

    Hi all,

    I'm trying to route a subnet to another firewall (unifi console) on the openvpn interface. I have the connection set up with the OpenVPN client and can ping the pfsense LAN from unifi. The unifi express gets an IP from the pfsense's VPN (10.94.64.2) and all traffic out to the internet and the pfsense LAN is ok.

    pfsense LAN: 10.90.30.1

    Unifi LAN: 10.94.30.1

    VPN tunnel: 10.90.64.1

    I think this is a unifi firewall issue, but I've not been able to capture the packets on this interface. The packets seem to leave the pfsense vpn gateway interface ok.
    I've set up a gateway and static route on the pfsense box pointing to 10.94.64.2 and the packet capture shows the pings going over the vpn so I assume the unifi box isn't responding. I know this is working correctly because if I change my static route to the wan ip of the express and open the firewall the packets flow happily.

    Any help greatly appreciated, I think I must be missing something! Is there a limitation somewhere with doing this over the openvpn interface? The vpn type is remote access as unifi doesn't support peer to peer.

    Also, to note, the remote site is behind NAT and has a dynamic IP so IPSec isn't suitable and neither is wireguard as unfortunately I cannot forward the ports to the express.
