Need help-openVPN Buffalo-pfSense

frosch

Hi,

I'm a new with pfSense and need help with Site to Site VPN
Clients behind Buffalo can access LAN network behind pfSense,
but client behind pfSense cannot access LAN network behind Buffalo
Hope that somebody can help me,

Here some more information

pfSense 2.0.1-RELEASE (i386)
built on Mon Dec 12 18:24:17 EST 2011  – Buffalo Router (WZR-HP-G3000NH)
FreeBSD 8.1-RELEASE-p6

Buffalo Site:
LAN: 192.168.11.0 / 24
WAN: dhcp
openVPN: 172.30.96.0 / 19
RoutingTable:
Ziel-LAN-Netz  Subnetz-Maske  Gateway  Schnittstelle
172.30.96.1  255.255.255.255  172.30.96.6  tun1
192.168.228.1  255.255.255.255  0.0.0.0  WAN
172.30.96.6  255.255.255.255  0.0.0.0  tun1
192.168.228.0  255.255.255.0  0.0.0.0  WAN
192.168.76.0  255.255.255.0  172.30.96.6  tun1
192.168.11.0  255.255.255.0  0.0.0.0  LAN & WLAN
172.30.0.0  255.255.224.0  172.30.96.6  tun1
169.254.0.0  255.255.0.0  0.0.0.0  LAN & WLAN
0.0.0.0  0.0.0.0  192.168.228.1  WAN

pfSense Site:
LAN: 192.168.76.0 / 24
WAN: static IP
TUN: 172.30.96.0 / 19
RoutingTable:
Destination  Gateway  Flags  Refs  Use  Mtu  Netif  Expire
default  WAN-IP  UGS  0  848628  1500  fxp1 
127.0.0.1                   
172.30.0.0/19  172.30.0.2              ovpns1 
172.30.0.1  127.0.0.1                 
172.30.0.2  172.30.0.1                 
172.30.64.0/19  172.30.64.2  UGS            ovpns2 
172.30.64.1  127.0.0.1                 
172.30.64.2  link#9                 
172.30.64.0/19  172.30.96.2              ovpns3 
172.30.96.1  127.0.0.1                 
172.30.96.2  link#10                 
192.168.11.0/24  172.30.96.2                 
192.168.76.0/24  link#3                 
192.168.76.10  link#3                 
WAN-Network  WAN-IP

Greatings

Frosch

frosch

Anyone got any ideas here?
Please help :o

frosch

cmb

The problem is on the Buffalo, your routes are there and correct. You want to disable NAT on the Buffalo if it does what I think it does (the same as Tomato firmware's checkbox by the same name) in NATing traffic to the tun IP. If it's similar in another area to Tomato, you need a manual iptables rule to permit the traffic. You'll probably have better luck on Buffalo's forum since the issue is on that side and you won't find many people here who know it, I'm just making educated guesses.

frosch

Hi,

finally I solve my problem with site-to-site openVPN Buffalo-pfSense
it was just:) routing problem!!!

1. on pfSense under openVPN Server-Advanced configuration
I have to put
route 192.168.79.0 255.255.255.0; (Buffalo LAN)
route 192.168.76.0 255.255.255.0; (pfSense LAN)
push "route 192.168.76.0 255.255.255.0";(pfSense LAN)
push "route 192.168.79.0 255.255.255.0";(Buffalo LAN)

and pfSense under Client Specific Override-
ifconfig-push 172.30.96.5 172.30.96.6; (openVPN-Network)
push "route 192.168.76.0 255.255.255.0"; (pfSense LAN)
push "route 192.168.79.0 255.255.255.0";(Buffalo LAN)
iroute 192.168.79.0 255.255.255.0 (Buffalo LAN)

2. on Buffalo site

• Additional Config
  push "route 192.168.79.0 255.255.255.0" (Buffalo LAN)
  push "route 192.168.76.0 255.255.255.0" (pfSense LAN)

now I have all my routes and it works!!

http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing
was very helpful!

frosch