Netgate Discussion Forum

    Open vpn push routes

      rajbps

      Hiya,

      I have pfSense 2.0.1 and am running OpenVPN on site A.

      On site B the same thing.

      I have a server on site A on vlan23.

      Between the 2 sites there is a Peer to Peer OpenVPN link.

      Vlan 23 is pushed from A to B.

      Here are the IPs.

      Now clients connect to B via road warrior.

      They can't seem to access vlan23.

      Here are the IPs:

      Lan Vlan @ B is 192.168.20.0/24

      Setup on A

      Tunnel IP (server) 10.0.20.0/24
      Lan ip 192.168.23.0/24

      Remote Lan 192.168.20.0/24

      Can anyone please advise.

      Cheers,

      Raj

        Nachtfalke

        http://forum.pfsense.org/index.php/topic,12888.0.html

          rajbps

          Hiya,

          Will this work in my setup, as the clients are trying to access from site B to site A (connected via road warrior to B, and the server is on site A, connected to site B via OpenVPN again)?

          roadwarrior      <=Tunnel (10.0.23.0/24) => Site B lan(192.168.20.0/24)  <= (Tunnel 10.0.20.0/24) ==>  Site A /Server (192.168.23.0/24 vlan)

            rajbps

            This work is not mine.

            I JUST COPIED IT HERE.

            The original link is

            http://blog.stefcho.eu/?p=733

            And I am really grateful to the writer.

            Hope this will help someone else.

            Scenario

            You have one or more Site to Site VPNs already and at least one Road Warrior setup for your users. Initially you are happy that your users can consume services from the site that hosts the Road Warrior, but then you want to give them access through the same connection to other sites connected to your main one.

            Setup

            Take a look at the network diagram.

            pfSense01 serves the main site, and provides access to the remote users, but also has a site to site configuration with pfSense02.

            If you are on the LAN (10.10.9.0/24) side behind pfSense01, you will be able to access machines through the Site to Site connection and communicate with machines on the other end, for example 10.10.10.99.

            But if you are the VPN Client, you will be able to only access machines in the 10.10.9.0/24 network.

            Our aim is to provide the VPN Client access to the network behind pfSense02 (10.10.10.0/24) in addition to the 10.10.9.0/24 one.

            Configuration

            If you have already configured Road Warrior and Site To Site configuration, skip to the Advanced Configuration section below.

            Road Warrior

            For reference how to configure it, you can look at my other posts, and choose depending on your needs:

            pfSense 2.0 RC1 configuration of OpenVPN Server for Road Warrior with TLS and User Authentication

            OpenVPN with LDAP authentication on pfSense 2.0 RC1

            OpenVPN with RADIUS authentication on pfSense 2.0 RC1

            Site To Site

            In case you don't have a site to site configuration ready, you can check out one of these posts:

            Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with Shared Key

            Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with PKI

            Advanced Configuration

            On pfSense 01, navigate to VPN > OpenVPN

            on the Server leaf, in the Road Warrior configuration scroll down to the bottom section titled Advanced Configuration

            and enter this line:

            push "route 10.10.10.0 255.255.255.0";

            On pfSense 02, again navigate to VPN > OpenVPN, on the Client leaf, and open the Site To Site configuration

            Scroll down to the bottom section titled Advanced Configuration, and enter this line:

            route 10.123.45.0 255.255.255.0;

            Explanation

            As jimp explained in the thread mentioned below,

            The push "route 10.10.10.0 255.255.255.0"; on the Road Warrior configuration tells the client that they can reach machines on the second site via the OpenVPN connection. While establishing the connection, the OpenVPN Client adds an additional route to the second site.

            The route 10.123.45.0 255.255.255.0; will instruct the second site how to answer requests from the OpenVPN Client.

            Testing

            After you save the configuration changes, connect to the Road Warrior, and test your connectivity to machines on both sites.

            References

            While I was configuring a similar setup, the routing part was new to me and I found it difficult to grasp at the time, but thanks to jimp's help on the matter everything is crystal clear.
            You can check out the thread in the pfSense forum here:
            Topic: Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration

              rajbps

              This is

              route 10.123.45.0 255.255.255.0;

              The subnet of the road warrior from site A that is added to site B.

              1 Reply Last reply Reply Quote 0
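
Added example, not part of the thread or of the copied article: a small Python model of the three routing tables in the article's topology, showing why the `push "route 10.10.10.0 ..."` line and the `route 10.123.45.0 ...` line are both needed for traffic to flow in each direction. The node names, the client address 10.123.45.6 and the simplified tables are assumptions constructed for illustration.

```python
import ipaddress

def build_tables(push_route, return_route):
    """Routing tables as {node: {prefix: next_hop}} (constructed, simplified).
    'local' = delivered at this node, 'wan' = sent to the default gateway,
    where packets for these private ranges are lost."""
    tables = {
        "client":    {"10.123.45.0/24": "local", "10.10.9.0/24": "pfSense01",
                      "0.0.0.0/0": "wan"},
        "pfSense01": {"10.10.9.0/24": "local", "10.123.45.0/24": "client",
                      "10.10.10.0/24": "pfSense02", "0.0.0.0/0": "wan"},
        "pfSense02": {"10.10.10.0/24": "local", "10.10.9.0/24": "pfSense01",
                      "0.0.0.0/0": "wan"},
    }
    if push_route:    # push "route 10.10.10.0 255.255.255.0"; on the Road Warrior server
        tables["client"]["10.10.10.0/24"] = "pfSense01"
    if return_route:  # route 10.123.45.0 255.255.255.0; on the Site To Site client
        tables["pfSense02"]["10.123.45.0/24"] = "pfSense01"
    return tables

def trace(tables, node, dst):
    """Follow longest-prefix matches from node until delivery or the WAN."""
    dst = ipaddress.ip_address(dst)
    for _ in range(8):  # hop limit guards against routing loops
        nets = [ipaddress.ip_network(p) for p in tables[node]]
        best = max((n for n in nets if dst in n), key=lambda n: n.prefixlen)
        hop = tables[node][str(best)]
        if hop == "local":
            return node
        if hop == "wan":
            return "wan"
        node = hop
    return "loop"

def check(push_route, return_route,
          client_ip="10.123.45.6",   # constructed road warrior tunnel address
          server_ip="10.10.10.99"):  # example host from the article
    """Return (forward_ok, return_ok) for client -> server and server -> client."""
    t = build_tables(push_route, return_route)
    forward = trace(t, "client", server_ip) == "pfSense02"
    back = trace(t, "pfSense02", client_ip) == "client"
    return forward, back

if __name__ == "__main__":
    for push, ret in [(False, False), (True, False), (True, True)]:
        print(f"push={push} route={ret} -> forward/return ok: {check(push, ret)}")
```

With only the push line in place, requests reach 10.10.10.99 but the replies follow pfSense02's default route out the WAN, which is the symptom of a missing return route.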