Problem with routing OpenVPN clients to internal network
-
At one point in time this setup was working properly, but after a power outage in the switching closet someone apparently forgot to write all of the routing rules to the router memory, and they were therefore lost in the power outage.
The basic structure of the network looks like this [Internal Network] –> [Cisco Router] –> [Internet]
Internal Network is 192.168.1.x
The pfSense box has a LAN, WAN, and OPT1 adapter
-LAN: 192.168.1.203
-OPT1: 192.168.100.1
-WAN: 1.2.3.4 <– Exposed to the internet through the Cisco Router and is the address people use to connect to OpenVPN
OpenVPN assigns clients an address of 192.168.100.x and exposes the internal network as 10.10.11.x. In the past clients were able to access internal network resources by doing 10.10.11.x, where x was the final octet of the resource's 192.168.1.x address. To this end, if I connect to the pfSense box via OpenVPN I can pull up the pfSense Web Interface by going to 10.10.11.203, I can ping it, and SSH to it.
However, if I try to go to any other network resource this completely times out. I can verify that, at least, all of my ICMP traffic is making it through the router and to the pfSense box (looking at a packet capture). I am fairly certain this is a routing issue with the Cisco router not being sure how to handle requests from 10.10 addresses, but I am unsure as to what the proper route is. I have tried
10.10.11.0 255.255.255.0 192.168.1.203 (pfSense box LAN Adapter address)
10.10.11.0 255.255.255.0 192.168.100.1 (pfSense box OPT1 Adapter address)
10.10.11.0 255.255.255.0 1.2.3.4 (pfSense box WAN Adapter address)
There are no NAT Rules / Mappings in pfSense and Manual Outbound NAT rule generation is enabled.
Does anyone have any thoughts on how to correct this?
-
After analyzing my packet captures I realized my error: the routes that I was trying to set up in the router obviously can't work because I am requesting a 10.10.11.x resource through pfSense that has an origination address of 192.168.100.x.
The correct route I needed was:
ip route 192.168.100.0 255.255.255.0 192.168.1.203
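To make the reasoning in the answer above concrete, here is an added example (not part of the original thread) that models the two halves of the exchange: pfSense rewriting the 10.10.11.x alias to the real 192.168.1.x host while leaving the VPN client's 192.168.100.x source untouched, and the Cisco router doing a longest-prefix lookup on the reply. It assumes the 10.10.11.x exposure is a plain 1:1 destination mapping with the same host octet (as the question describes) and that the LAN hosts' default gateway is the Cisco router; the client address 192.168.100.10 and target 10.10.11.50 are constructed sample values. Feeding it the three routes tried in the question and the one in the answer shows why only the last one brings the reply back to pfSense.

```python
import ipaddress

# Addressing from the thread (10.10.11.x is how pfSense exposes the LAN to VPN clients).
PFSENSE_LAN = ipaddress.ip_address("192.168.1.203")
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
VPN_NET = ipaddress.ip_network("192.168.100.0/24")
ALIAS_NET = ipaddress.ip_network("10.10.11.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def translate_alias(dst: str) -> ipaddress.IPv4Address:
    """pfSense side (assumed 1:1 destination mapping): 10.10.11.x -> 192.168.1.x, same host octet.
    The VPN client's source address is deliberately left untouched; that is the crux of the thread."""
    addr = ipaddress.ip_address(dst)
    if addr not in ALIAS_NET:
        return addr
    offset = int(addr) - int(ALIAS_NET.network_address)
    return ipaddress.ip_address(int(INTERNAL_NET.network_address) + offset)


def longest_prefix_match(routes, dst: str):
    """Generic router lookup: the most specific matching prefix wins. routes = [(network, next_hop)]."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def cisco_table(static_routes):
    """Cisco router as described: connected LAN, default route to the Internet, plus any statics
    given as (prefix, next-hop) strings, e.g. ("192.168.100.0/24", "192.168.1.203")."""
    table = [(INTERNAL_NET, "connected"), (DEFAULT, "internet")]
    for prefix, next_hop in static_routes:
        table.append((ipaddress.ip_network(prefix), next_hop))
    return table


def trace(static_routes, client="192.168.100.10", target="10.10.11.50"):
    """Follow one request from a VPN client and the reply it triggers.

    Returns (real_destination, reply_next_hop):
      real_destination  the LAN address pfSense actually forwards the request to
      reply_next_hop    "direct" if the replying host is pfSense itself (it has the VPN subnet
                        as a connected route), otherwise the Cisco router's next hop for the reply
    """
    real = translate_alias(target)
    if real == PFSENSE_LAN:
        return str(real), "direct"
    # Any other LAN host sees a reply destination (192.168.100.x) off its own subnet and hands
    # it to its default gateway, the Cisco router, whose table decides the reply's fate.
    next_hop = longest_prefix_match(cisco_table(static_routes), client)
    return str(real), str(next_hop)


if __name__ == "__main__":
    attempts = [
        [("10.10.11.0/24", "192.168.1.203")],   # tried in the question
        [("10.10.11.0/24", "192.168.100.1")],   # tried in the question
        [("10.10.11.0/24", "1.2.3.4")],         # tried in the question
        [("192.168.100.0/24", "192.168.1.203")],  # the route from the answer
    ]
    for statics in attempts:
        print(statics, "->", trace(statics))
```

The three 10.10.11.0/24 routes never get consulted for the reply, because the reply is addressed to 192.168.100.10, not to anything in 10.10.11.0/24; the router falls through to its default route and the packet leaves for the Internet, which is exactly the timeout the question describes. Pinging 10.10.11.203 worked all along because pfSense answers over its own connected VPN interface and the Cisco router is never involved. (The second attempted route would also be unusable on a real router, since 192.168.100.1 is not reachable through any of the Cisco's connected networks.)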