Open vpn push routes



  • Hiya,

    I have pfsense 2.0.1 and running open-vpn on site A

    On site B the same thing.

    I have a server on site A on vlan23

    Between the 2 sites there is a Peer to Peer open vpn link.

    Vlan 23 is pushed from A to B

    Here are the ip.

    Now clients connet to B via roadworrior.

    They cant seem to access vlan23.

    Here are the ips

    Lan Vlan @ B is 192.168.20.0/24

    Setup on A

    Tunnel ip (server ) 10.0.20.0/24
    Lan ip 192.168.23.0/24

    Remote Lan 192.168.20.0/24

    Can anyone please advise.

    Cheers,

    Raj





  • Hiya,

    Will this work in my setup as the clients are trying to access from site B to site A (connected via roadworrior to B and the server is on site A connected to site B via openvpn again

    roadwarrior      <=Tunnel (10.0.23.0/24) => Site B lan(192.168.20.0/24)  <= (Tunel 10.0.20.0/24) ==>  Site A /Server (192.16823.0/24 vlan)



  • This work is nt mie.

    I JUST COPIED IT HERE.

    The original link is

    http://blog.stefcho.eu/?p=733

    And i am really greatful to the writer

    Hope this will help someone else.

    Scenario

    You have one or more Site to Site VPNs already and at least one Road Warrior setup for your users. Initially you are happy that you users can consume services from the site that hosts the Road Warrior, but then you want to give them access through the same connection to other sites connected to your main one.
    Setup

    Take a look at the network diagram.

    pfSense01 serves the main site, and provides access to the remote users, but also has a site to site configuration with pfSense02.

    If you are on the LAN (10.10.9.0/24) side behind pfSense01, you will be able to access machines through the Site to Site connection and communicate with machines on the other end, for example 10.10.10.99.

    But if you are the VPN Client, you will be able to only access machines in the 10.10.9.0/24 network.

    Our aim is to provide the VPN Client access to network behind pfSense02 (10.10.10.0/24) in addition to the 10.10.9.0/24 one.
    Configuration

    If you have already configured Road Warrior and Site To Site configuration skip to the Advanced Configuration section below.
    Road Warrior

    For reference how to configure it, you can look at my other posts, and choose depending on your needs:

    pfSense 2.0 RC1 configuration of OpenVPN Server for Rad Warrior with TLS and User Authentication

    OpenVPN with LDAP authentication on pfSense 2.0 RC1

    OpenVPN with RADIUS authentication on pfSense 2.0 RC1

    Site To Site

    In case that you don’t have a site to site configuration ready, you can check out one of this posts:

    Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with Shared Key

    Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with PKI

    Advanced Configuration

    On pfSense 01,navigate to VPN > OpenVPN

    on the Server leaf, in the Road Warrior configuration scroll down to the bottom section titled Advanced Configuration

    and enter this line:

    push “route 10.10.10.0 255.255.255.0″;

    On pfSense 02, again navigate to VPN > OpenVPN, on the Client leaf, and open the Site To Site configuration

    Scroll down to the bottom section titled Advanced Configuration, and enter this line:

    route 10.123.45.0 255.255.255.0;

    Explanation

    As jimp explained in the thread mentioned below,

    The push “route 10.10.10.0 255.255.255.0″; on the Road Warrior configuration tells the client that they can reach machines on the second site via the OpenVPN connection. While establishing connation OpenVPN Client adds an additional route to the second site.

    The route 10.123.45.0 255.255.255.0; will instruct the second site how to answer on requests from the OpenVPN Client.
    Testing

    After you save the configuration changes, connect to the Road Warrior, and test you connectivity to machine on both sites.
    References

    While I was configuring similar setup, the routing part was new to me and I found it difficult to grasp at the time, but thanks to jimp’s help on the matter everything is crystal clear.
    You can check out the thread in the pfSense forum here:
    Topic: Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration



  • This is

    route 10.123.45.0 255.255.255.0;

    The subnet of the roadwarrior from site A that added to site B


Log in to reply