Cross-client OpenVPN routing issues on pfSense
-
Hello all,
I currently have about 15 sites with DD-WRT routers. Each router has its own subnet (i.e. 10.1.1.0/24, 10.1.2.0/24, etc), but I've configured each router as an OpenVPN client so that devices on each subnet can communicate with one another (i.e. 10.1.1.100 can ping 10.1.2.100, and vice-versa). The OpenVPN server is an OpenVPN Access Server hosted in the cloud. This has been working great for months.
However, I'm now wanting to swap out my DD-WRT boxes for pfSense routers. I've successfully configured pfSense as an OpenVPN client using this post (http://forum.pfsense.org/index.php?topic=24435.0) as a guide, and I can ping out from behind the pfSense router (i.e. 10.1.3.0/24) to all of the other clients without any issues. But when attempting to ping the pfSense router from the other clients/subnets, I cannot see it.
I had the same issue when initially setting up my DD-WRT routers and fixed it by entering the following script into the startup commands:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

This script, I think, is the magic that makes it all work, but I don't know how to replicate it on pfSense. To compare, here's my pfSense routing table:
Destination       Gateway        Flags  Refs  Use   Mtu    Netif
default           216.xxx.xx.1   UGS    0     1388  1500   vr1
10.0.0.0/8        172.0.0.1      UGS    0     1154  1500   ovpnc1
10.1.1.0/24       link#1         U      0     2071  1500   vr0
10.1.1.1          link#1         UHS    0     0     16384  lo0
127.0.0.1         link#6         UH     0     47    16384  lo0
172.0.0.0/8       link#9         U      0     5     1500   ovpnc1
172.16.1.1        link#9         UHS    0     0     16384  lo0
192.168.1.0/24    172.0.0.1      UGS    0     0     1500   ovpnc1
192.168.100.0/24  172.0.0.1      UGS    0     0     1500   ovpnc1
216.xxx.xx.0/24   link#2         U      0     134   1500   vr1
216.xxx.xx.67     link#2         UHS    0     0     16384  lo0

And here's a working DD-WRT routing table:
Destination LAN  Subnet Mask      Gateway       Interface
216.xxx.xx.1     255.255.255.255  0.0.0.0       WAN
192.168.100.0    255.255.255.0    172.0.0.1     tun0
216.xxx.xx.0     255.255.255.0    0.0.0.0       WAN
192.168.1.0      255.255.255.0    172.0.0.1     tun0
10.1.4.0         255.255.255.0    0.0.0.0       LAN & WLAN
169.254.0.0      255.255.0.0      0.0.0.0       LAN & WLAN
172.0.0.0        255.0.0.0        0.0.0.0       tun0
10.0.0.0         255.0.0.0        172.0.0.1     tun0
0.0.0.0          0.0.0.0          216.xxx.xx.1  WAN

Any help getting this working in pfSense would be greatly appreciated!
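For comparison, here is what the two DD-WRT iptables FORWARD rules look like when written for pfSense's packet filter (pf). This is an added example, not from the post or from pfSense's own configuration; it assumes the interface names and subnets shown in the pfSense routing table above (LAN = vr0 / 10.1.1.0/24, tunnel = ovpnc1, remote sites inside 10.0.0.0/8) and that a pass rule on the OpenVPN-facing interface is the missing piece, which the post itself does not confirm.

```pf
# Added example (not from the post): pf equivalent of the DD-WRT rules.
# Assumed from the routing table: LAN is vr0 (10.1.1.0/24), the OpenVPN
# client interface is ovpnc1, and the other sites are routed via 10.0.0.0/8.

# iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
# LAN hosts may initiate traffic to the other sites over the tunnel.
pass in quick on vr0 inet from 10.1.1.0/24 to 10.0.0.0/8 keep state

# iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Other sites may initiate traffic to this LAN. This is the direction that
# fails in the post (remote pings never reach the pfSense side).
# 10.0.0.0/8 mirrors the route; it can be narrowed to the individual
# site /24s (10.1.2.0/24, 10.1.3.0/24, ...) so only known sites are admitted.
pass in quick on ovpnc1 inet from 10.0.0.0/8 to 10.1.1.0/24 keep state
```

Because pf is stateful, replies for each direction are matched by the state entry, so neither rule needs a mirrored "pass out". In the pfSense GUI the second rule corresponds to a rule on the OpenVPN firewall tab rather than to a startup script.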
-
Anyone? If I can provide more information or more clearly state the problem, please let me know.