Netgate Discussion Forum

    VPN Site to Site + OpenVPN

    • marcos.voliveiraj

      Hello,

      Scenario

      PFSense 1 - Datacenter
      IP LAN: 172.11.1.0/24
      VPN SITE-TO-SITE OPENVPN SSL/TLS SERVER
      TUNNEL IP: 10.0.11.0/24

      PFSense 2 - Headquarters
      IP LAN: 192.168.10.0/24
      VPN SITE-TO-SITE OPENVPN SSL/TLS CLIENT
      TUNNEL IP: 10.0.11.0/24
      VPN CLIENT-TO-SITE SSL + USER AUTH
      TUNNEL IP: 9.9.9.0/24

      The site-to-site VPN is working normally: the Headquarters network 192.168.10.0/24 pings the Datacenter network, and the Datacenter network 172.11.1.0/24 pings the Headquarters network.

      The client-to-site VPN connects and pings the Headquarters network 192.168.10.0/24, but it does not ping the 172.11.1.0/24 network. The local network 172.11.1.0/24 has already been declared on the Headquarters OpenVPN server.

      Is there anything else I would have to configure or declare so that a client connecting to Headquarters can use the tunnel and reach the Datacenter network?

      I would appreciate it if someone could help me.

      • chpalmer @marcos.voliveiraj

        @marcos-voliveiraj

        You should really limit your private networks to addresses that are designed for that purpose.

        10.0.0.0/8

        172.16.0.0/12

        192.168.0.0/16

        Some of the addresses you list belong to someone out there and are routable.

        https://ipinfo.io/AS19281/9.9.9.0/24

        https://ipinfo.io/ips/172.11.1.0/24

        It could cause problems along the way for you or your users.

        What does your /diagnostic/diag_routes.php on the headquarters router look like?

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.
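
The check suggested in the reply above, as an added example that is not part of the original posts: it tests the subnets posted in this thread against the three private blocks chpalmer lists and also reports overlapping subnets. The dictionary labels and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# The three private blocks listed in the reply above (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnets as posted in the thread; the labels are descriptive only (assumed names).
THREAD_SUBNETS = {
    "datacenter_lan": "172.11.1.0/24",
    "hq_lan": "192.168.10.0/24",
    "site_to_site_tunnel": "10.0.11.0/24",
    "client_to_site_tunnel": "9.9.9.0/24",
}


def private_block(cidr):
    """Return the RFC 1918 block that fully contains cidr, or None."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        return None
    for block in RFC1918:
        if net.subnet_of(block):
            return block
    return None


def audit(subnets):
    """Return (names outside RFC 1918, pairs of names whose subnets overlap)."""
    outside = sorted(name for name, cidr in subnets.items()
                     if private_block(cidr) is None)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    overlaps = sorted((a, b) for a, b in combinations(sorted(nets), 2)
                      if nets[a].overlaps(nets[b]))
    return outside, overlaps


if __name__ == "__main__":
    outside, overlaps = audit(THREAD_SUBNETS)
    for name in outside:
        print(f"{name}: {THREAD_SUBNETS[name]} is not inside any RFC 1918 block")
    for a, b in overlaps:
        print(f"{a} overlaps {b}")
```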

        • marcos.voliveiraj @chpalmer

          @chpalmer

          Thank you for the reply. So you suggest that I first change the Datacenter LAN IP to another IP.

          And which Headquarters do you want the Pfsense route diagnostics from?

          • chpalmer @marcos.voliveiraj

            @marcos-voliveiraj

            If you look at your Headquarters Diagnostics tab and go to Routes you can see if the Client VPNs have a route through the Headquarters router to the Datacenter router.

            Routes.png

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            • marcos.voliveiraj @chpalmer

              @chpalmer

              Here are the Headquarters routes.

              rota_eft_matriz.png

              Thank you for the help.
