Pfsense does not route through the openvpn tunnel [solved]
-
local net: 192.168.1.0/24
foreign net: 10.0.0.0/8

OpenVPN client configuration (pfsense):
Protocol: TCP
Server address: <ip address openvpn server>
Server port: 443
Interface IP: empty
Remote network: empty
Proxy Host: empty
Authentication method: PKI

OpenVPN Server configuration (Debian Lenny):
port 443
proto tcp-server
dev tap1
tls-server
(…)
mode server 10.0.33.0 255.255.255.0
ifconfig-pool 10.0.33.2 10.0.33.254
ifconfig 10.0.33.1 255.255.255.0
push "route 10.0.0.0 255.255.255.0 10.0.33.1"
ping-restart 60
ping 10
comp-lzo
persist-key
persist-tun

pfsense rules:
Proto Source Port Destination Port Gateway Schedule Description
- LAN net * * * * Default LAN -> any

Systemlog | OpenVPN:
openvpn[37775]: Initialization Sequence Completed
openvpn[37105]: SIGTERM[hard,] received, process exiting
openvpn[37775]: /etc/rc.filter_configure tap0 1500 1576 10.0.33.5 255.255.255.0 init
openvpn[37775]: /sbin/ifconfig tap0 10.0.33.5 netmask 255.255.255.0 mtu 1500 up
openvpn[37775]: TUN/TAP device /dev/tap0 opened
openvpn[37775]: gw <ip address>
openvpn[37775]: [firewall] Peer Connection Initiated with <ip address openvpnserver>:443
openvpn[37775]: TCPv4_CLIENT link remote: <ip address="" openvpnserver="">:443
openvpn[37775]: TCPv4_CLIENT link local: [undef]
openvpn[37775]: TCP connection established with <ip address="" openvpnserver="">:443
openvpn[37775]: Attempting to establish TCP connection with <ip address openvpnserver>:443

Diagnostics: Routing tables:
Destination Gateway Flags Refs Use Mtu Netif Expire
default <ip address> UGS 0 13919946 1492 ng0
10.0.0.0/24 10.0.33.1 UGS 0 576 1500 tap0

pfsense is able to traceroute and ping clients on the "foreign net":
Traceroute output:
1 localhost (10.0.33.1) 54.033 ms 50.297 ms 53.835 ms
2 localhost (10.0.0.2) 51.025 ms 50.770 ms 53.766 ms

So, as far as I see, everything should work. If I try to connect from a client of the local subnet (e.g. 192.168.1.7) to a client of the foreign net (10.0.0.2), the firewall log does not show any problems (if I enable logging on the default rule, it even shows that the connection was accepted), but the connection fails. I tried ports 3389, 80, 143; none is working.
When I traceroute to the client on the foreign net:
tracert 10.0.0.2
1 1 ms 1 ms 1 ms firewall.local [192.168.1.1]
2 * * * timeout
3 * * * timeout
(…)

Can somebody give me a hint?
-
manually add route here --> http://192.168.2.1/system_routes.php
-
I added manually the route
10.0.0.0/8 -> gw 10.0.33.1
now I have two similar routes, but it is still not working
-
nobody?
-
Don't manually add routes. From your description, the remote side is missing a route back to your LAN.
-
Thank you very very much! Could not see the wood for the trees….
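An added illustration of the accepted answer (not code from the thread): a longest-prefix-match simulation over both routing tables, showing that pfSense's forward path to the foreign net already uses the tunnel while the server side sends replies for 192.168.1.0/24 out its default route until a return route via the tunnel exists. The server's table and the interface names are assumptions; only pfSense's table is posted.

```python
import ipaddress

# Constructed from the thread: pfSense is tunnel address 10.0.33.5 on tap0,
# the OpenVPN server is 10.0.33.1 on tap1. The server's table is an assumption
# (the thread only says the route back to the LAN is missing). Interface
# names are labels used for comparison, not real device names.
PFSENSE_ROUTES = {
    "0.0.0.0/0": "ng0",        # default route towards the ISP (from the posted table)
    "10.0.0.0/24": "tap0",     # pushed by the server, next hop 10.0.33.1
    "192.168.1.0/24": "lan",   # directly connected LAN
}
SERVER_ROUTES = {
    "0.0.0.0/0": "eth0",       # server's default route (assumed)
    "10.0.0.0/8": "eth0",      # foreign net reachable on the server's own LAN (assumed)
    "10.0.33.0/24": "tap1",    # the tunnel subnet itself
}
# Same table plus the return route the answer says is missing.
SERVER_ROUTES_FIXED = {**SERVER_ROUTES, "192.168.1.0/24": "tap1"}


def lookup(routes, dst):
    """Longest-prefix match, the way a forwarding table picks an egress."""
    dst = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def diagnose(src, dst, src_routes, dst_routes, src_tun, dst_tun):
    """Check both directions of a flow src -> dst. A reply can only come back
    through the tunnel if the far side's table also sends src into it."""
    problems = []
    fwd = lookup(src_routes, dst)
    if fwd != src_tun:
        problems.append(f"forward: {dst} leaves via {fwd}, not {src_tun}")
    back = lookup(dst_routes, src)
    if back != dst_tun:
        problems.append(f"return: {src} leaves via {back}, not {dst_tun}")
    return problems


if __name__ == "__main__":
    flow = ("192.168.1.7", "10.0.0.2")
    print("as posted:", diagnose(*flow, PFSENSE_ROUTES, SERVER_ROUTES, "tap0", "tap1"))
    print("with return route:", diagnose(*flow, PFSENSE_ROUTES, SERVER_ROUTES_FIXED, "tap0", "tap1"))
```

On the server the missing entry is an OS route for 192.168.1.0/24 via pfSense's tunnel address (10.0.33.5 in the posted log), which is why adding more routes on the pfSense side alone changed nothing.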