    Site to Site - Specific Route Failure

    OpenVPN
    • NoOneParticular

      I have 3 locations, and it's set up with OpenVPN with a 'master' server and 2 'slave' clients.

      On the server, I have 2 WANs: the default is a Comcast business line, and the secondary is a local network (172.0.0.0).

      When the remote locations are connected to the server, all routes work except those that are destined for WAN2. This is specifically for LAN clients at the remote location. The firewall is able to tracert the route.

      For example…

      From pfSense (10.12.0.1) at a remote location:

      Traceroute output:

      1  10.0.100.1 (10.0.100.1)  22.633 ms  21.332 ms  21.835 ms
      2  * * *
      3  172.16.220.41 (172.16.220.41)  21.675 ms  25.604 ms  26.616 ms
      4  172.16.211.254 (172.16.211.254)  26.533 ms  26.575 ms  60.275 ms
      5  172.16.160.52 (172.16.160.52)  40.603 ms  26.258 ms  44.411 ms

      From the LAN connected to pfSense (10.12.0.1):

      Tracing route to 172.16.160.52 over a maximum of 30 hops

        1     4 ms    <1 ms    <1 ms  10.12.0.1
        2    23 ms    20 ms    21 ms  10.0.100.1
        3     *        *        *     Request timed out.
        4     *        *        *     Request timed out.
        5     *        *        *     Request timed out.

      I'm not sure what is different between the router at the remote location and the LAN at the remote location.

      Thanks!

      • heper

        It's possible the traceroute on the pfSense does not really use the 10.12.0.0/x subnet … but is more likely using the 10.0.100.0/x subnet.

        
        from pfsense(10.12.0.1) at a remote location:
        
        Traceroute output:
        
         [b]1  10.0.100.1 (10.0.100.1)  22.633 ms  21.332 ms  21.835 ms[/b]
         2  * * *
         3  172.16.220.41 (172.16.220.41)  21.675 ms  25.604 ms  26.616 ms
         4  172.16.211.254 (172.16.211.254)  26.533 ms  26.575 ms  60.275 ms
         5  172.16.160.52 (172.16.160.52)  40.603 ms  26.258 ms  44.411 ms
        

        Do you have a route TO the 10.12.0.0/x subnet using ovpn-x on the 'master' server?
        (You have to specify it in the OpenVPN advanced configuration and either push it from the client or set it on the master.)
        Do not use the built-in static routes menu in pfSense!

        Kind regards.

        • NoOneParticular

          Thanks for the help!

          It has been resolved now; I needed to add outbound NAT for 10.12.0.0 and 10.13.0.0 on the master. Works like a charm now. Luckily these easy fixes barely cost any time off commercial support.
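
The return-path reasoning behind the thread above, as an added example that is not part of the original posts: a small model of why a probe sourced from the firewall's tunnel address got replies from WAN2 while a probe from a remote LAN client did not, and what the outbound NAT rules change. The /24 prefix lengths, the master's WAN2 address, the probe addresses, and the assumption that WAN2-side routers only know 172.16.0.0/12 and that the tunnel network was already being NATed are all constructed for illustration.

```python
import ipaddress as ip

# Constructed values (assumptions, not taken from the thread's configuration).
TUNNEL = ip.ip_network("10.0.100.0/24")
REMOTE_LANS = [ip.ip_network("10.12.0.0/24"), ip.ip_network("10.13.0.0/24")]
MASTER_WAN2 = ip.ip_address("172.16.220.2")      # placeholder WAN2 address
WAN2_KNOWN = [ip.ip_network("172.16.0.0/12")]    # routes WAN2-side routers hold

# Outbound NAT source networks on the master's WAN2 interface.
BEFORE = [TUNNEL]                  # assumed state while the LAN traceroute failed
AFTER = [TUNNEL] + REMOTE_LANS     # after adding rules for 10.12.0.0 and 10.13.0.0

# Constructed probe sources: the remote firewall and one of its LAN clients.
PROBES = {
    "pfSense itself (tunnel address)": "10.0.100.2",
    "LAN client behind 10.12.0.1": "10.12.0.50",
}


def translate(src, nat_sources):
    """Source address as seen on WAN2 after the master's outbound NAT."""
    src = ip.ip_address(src)
    return MASTER_WAN2 if any(src in net for net in nat_sources) else src


def reply_returns(src, nat_sources):
    """True if WAN2-side routers have a route back to the source they see."""
    seen = translate(src, nat_sources)
    return any(seen in net for net in WAN2_KNOWN)


def report(nat_sources):
    """Map each probe description to whether its replies can come back."""
    return {name: reply_returns(src, nat_sources) for name, src in PROBES.items()}


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for name, ok in report(rules).items():
            print(f"{label:6} {name:34} reply returns: {ok}")
```

With the NAT rules in place, hosts on WAN2 see the master's WAN2 address rather than the remote client's, so logs and ACLs on that side can no longer tell the remote sites apart; adding return routes for the remote LANs on the WAN2 side would preserve the original source addresses.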
