Netgate Discussion Forum
    [SOLVED] OpenVPN site-to-site and Gateway Groups routing problem

    Category: 2.0-RC Snapshot Feedback and Problems - RETIRED
      unguzov

      SOLVED.

      On Office 1 add a rule BEFORE any failover rules:

      • LAN net * 192.168.130.0/24 * * none   Routing to vpn tunnel

      But maybe OpenVPN can add the rule automatically or warn the user to add it. Or create an alias for OpenVPN networks to make configuration easier?

      ----------------------------------------------------

      I have a problem with OpenVPN routing.

      From Office 2 (192.168.130.0/24) I have full access to 192.168.28.0/24, and a traceroute from a Windows workstation is OK:

      1    <1 ms    <1 ms    <1 ms  pfsense-office.xx.local [192.168.130.254]
      2     3 ms     3 ms     3 ms  10.215.215.1
      3     3 ms     2 ms     3 ms  SERVER1 [192.168.28.5]

      From Office 1 (192.168.28.0/24) I can ping and traceroute from the firewall, but not from workstations. On the workstations the route is wrong: it goes to the internet, not to 10.215.215.0/24. If I change the rule on LAN to go to the default gateway, the tunnel and internet are working, but how do I use failover gateway groups then in combination with my OpenVPN tunnel? This has worked for years in pfSense 1.2.x; am I missing something now?

      Here is my configuration:

      Rules on OpenVPN for Office 1 and Office 2:

      • none   Office VPN pass all

      Rules on LAN for Office 1:

      • LAN net * * * Wan2ToWan1 none   Failover rule

      Rules on LAN for Office 2:

      • LAN net * * * * none   Default allow LAN to any rule

      --------
      Office 1
      LAN: 192.168.28.0/24
      WAN1: 11.11.11.11
      WAN2: 22.22.22.22

      OpenVPN Server:
      Server Mode: Peer to Peer (Shared key)
      Protocol: UDP
      Interface: Any
      Tunnel Network: 10.215.215.0/24
      Local Network: 192.168.28.0/24 (do I need this?)
      Remote Network: 192.168.130.0/24


      Office 2
      LAN: 192.168.130.0/24
      WAN: 22.22.22.22

      OpenVPN Client:
      Server Mode: Peer to Peer (Shared Key)
      Protocol: UDP
      Device mode: tun
      Interface: any
      Server host or address: 11.11.11.11
      Tunnel Network: 10.215.215.0/24
      Remote Network: 192.168.28.0/24
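As an added illustration (not from the post and not pfSense's own code), the following Python models pfSense's top-down, first-match LAN rule evaluation and shows why the tunnel rule must sit above the failover rule: a rule carrying a gateway group policy-routes matching traffic to that group and bypasses the system routing table, where the OpenVPN route to 192.168.130.0/24 lives. The rule tuples and addresses are constructed from the values in the post; `check_vpn_rules` is a hypothetical helper in the spirit of the "warn the user" suggestion.

```python
from ipaddress import ip_address, ip_network

# Constructed LAN rule sets for Office 1, as (source, destination, gateway).
# Gateway "*" means "use the system routing table", which is where the
# OpenVPN remote-network route lives; any other value policy-routes the
# packet to that gateway (group) and skips the routing table entirely.
BROKEN_LAN_RULES = [
    ("192.168.28.0/24", "0.0.0.0/0", "Wan2ToWan1"),    # Failover rule only
]
FIXED_LAN_RULES = [
    ("192.168.28.0/24", "192.168.130.0/24", "*"),      # Routing to vpn tunnel
    ("192.168.28.0/24", "0.0.0.0/0", "Wan2ToWan1"),    # Failover rule
]
VPN_REMOTE_NETS = ["192.168.130.0/24"]


def first_match(rules, src, dst):
    """Return the gateway chosen for a packet, or None if no rule passes it.

    pfSense evaluates rules top-down and the first match wins, so a
    catch-all failover rule placed first captures the VPN traffic too.
    """
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, gateway in rules:
        if s in ip_network(src_net) and d in ip_network(dst_net):
            return gateway
    return None  # implicit default deny


def check_vpn_rules(rules, remote_nets):
    """List OpenVPN remote networks that a gateway rule would pull away
    from the routing table before a plain pass rule can match them."""
    hijacked = []
    for net in remote_nets:
        remote = ip_network(net)
        for _src_net, dst_net, gateway in rules:
            if remote.overlaps(ip_network(dst_net)):
                if gateway != "*":
                    hijacked.append(net)
                break  # first overlapping rule decides
    return hijacked


if __name__ == "__main__":
    # Workstation in Office 1 talking to SERVER-side Office 2 LAN.
    print(first_match(BROKEN_LAN_RULES, "192.168.28.10", "192.168.130.5"))
    print(first_match(FIXED_LAN_RULES, "192.168.28.10", "192.168.130.5"))
    print(check_vpn_rules(BROKEN_LAN_RULES, VPN_REMOTE_NETS))
```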

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.