[SOLVED] OpenVPN site-to-site and Gateway Groups routing problem
SOLVED.
On Office 1 add a rule BEFORE any failover rules (Source / Port / Destination / Port / Gateway / Queue / Description):
- LAN net  *  192.168.130.0/24  *  *  none  Routing to vpn tunnel
But maybe OpenVPN could add the rule automatically or warn the user to add it. Or create an alias for the OpenVPN networks to make configuration easier?
-----------------------------------------------------
I have a problem with OpenVPN routing.
From Office 2 (192.168.130.0/24) I have full access to 192.168.28.0/24, and a traceroute from a Windows workstation is OK:
  1    <1 ms    <1 ms    <1 ms  pfsense-office.xx.local [192.168.130.254]
  2     3 ms     3 ms     3 ms  10.215.215.1
  3     3 ms     2 ms     3 ms  SERVER1 [192.168.28.5]
From Office 1 (192.168.28.0/24) I can ping and traceroute from the firewall, but not from the workstations. On the workstations the route is wrong: it goes to the internet, not to 10.215.215.0/24. If I change the rule on LAN to use the default gateway, the tunnel and the internet both work, but then how do I use failover gateway groups in combination with my OpenVPN tunnel? This worked for years in pfSense 1.2.x; what am I missing now?
Here is my configuration:

Rules on OpenVPN for Office 1 and Office 2:
- none  Office VPN pass all

Rules on LAN for Office 1 (Source / Port / Destination / Port / Gateway / Queue / Description):
- LAN net  *  *  *  Wan2ToWan1  none  Failover rule

Rules on LAN for Office 2:
- LAN net  *  *  *  *  none  Default allow LAN to any rule
---------
Office 1
LAN: 192.168.28.0/24
WAN1: 11.11.11.11
WAN2: 22.22.22.22

OpenVPN Server:
Server Mode: Peer to Peer (Shared Key)
Protocol: UDP
Interface: Any
Tunnel Network: 10.215.215.0/24
Local Network: 192.168.28.0/24 (do I need this?)
Remote Network: 192.168.130.0/24

Office 2
LAN: 192.168.130.0/24
WAN: 22.22.22.22

OpenVPN Client:
Server Mode: Peer to Peer (Shared Key)
Protocol: UDP
Device mode: tun
Interface: any
Server host or address: 11.11.11.11
Tunnel Network: 10.215.215.0/24
Remote Network: 192.168.28.0/24
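As an added illustration (not from the original post or pfSense itself), a small Python model of first-match LAN rule evaluation shows why the VPN rule has to sit above the gateway-group rule: a rule with an explicit gateway policy-routes the packet and bypasses the routing table, while gateway "*" lets the routing table (and thus the tunnel route) decide. The interface name ovpns1, the rule dictionaries and the packet addresses are constructed for the example.

```python
import ipaddress

# Constructed model of Office 1's routing table (per the post's config).
# OpenVPN's "Remote Network" installs the 192.168.130.0/24 route via the tunnel.
ROUTES = [
    ("192.168.28.0/24", "LAN"),
    ("192.168.130.0/24", "ovpns1"),   # assumed OpenVPN server interface name
    ("10.215.215.0/24", "ovpns1"),
    ("0.0.0.0/0", "WAN1"),            # default route, WAN1 = 11.11.11.11
]

# Constructed LAN rules mirroring the post: gw "*" means "use the routing table",
# anything else is a policy-routing gateway (group) that bypasses it.
VPN_RULE = {"src": "192.168.28.0/24", "dst": "192.168.130.0/24",
            "gw": "*", "desc": "Routing to vpn tunnel"}
FAILOVER_RULE = {"src": "192.168.28.0/24", "dst": "0.0.0.0/0",
                 "gw": "Wan2ToWan1", "desc": "Failover rule"}


def route_lookup(dst):
    """Longest-prefix match over ROUTES; returns the egress interface."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net).prefixlen, iface)
               for net, iface in ROUTES if ip in ipaddress.ip_network(net)]
    return max(matches)[1]


def egress(src, dst, rules):
    """First-match evaluation of LAN rules, as pf does.

    Returns (description of the matching rule, egress interface or gateway group).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in ipaddress.ip_network(rule["src"]) and d in ipaddress.ip_network(rule["dst"]):
            if rule["gw"] == "*":
                return rule["desc"], route_lookup(dst)   # routing table decides
            return rule["desc"], rule["gw"]              # policy routing wins
    return "no match", "blocked"


if __name__ == "__main__":
    # Broken order from the post: the failover rule catches Office 2 traffic first.
    print(egress("192.168.28.10", "192.168.130.20", [FAILOVER_RULE, VPN_RULE]))
    # Fixed order: VPN rule above the failover rule, tunnel route is used.
    print(egress("192.168.28.10", "192.168.130.20", [VPN_RULE, FAILOVER_RULE]))
    # Internet traffic still goes through the gateway group.
    print(egress("192.168.28.10", "198.51.100.7", [VPN_RULE, FAILOVER_RULE]))
```

The same first-match logic explains why Office 2 never had the problem: its "Default allow LAN to any" rule has gateway "*", so its routing table, with the tunnel route, is always consulted.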