OPEN VPN problem
-
please help
pfSense 2.1 RC0 (i386)
The connection works properly, at least as far as the OpenVPN client goes. The client can access the server and the network behind the server and use all the resources within the network (everything works great).
But the server (pfSense) can access only the virtual address (pfSense client IPv4 Tunnel Network x.x.x.6).
The server-side network has a connection only to the same tunnel virtual address on the client side. The server has a correct route to the OpenVPN client network.
The same was happening to me for both types of connection ("peer to peer", "Remote access windows client").
I have no idea where I'm wrong
-
It isn't totally clear what you're doing from the wording of your post, but I'm guessing you want to be able to access the network behind the client… is that correct? If so, on the client you need to enable IP routing... then on the server you need to add a client-specific iroute statement.
-
For a moment I thought that this would be easy.
I'm trying to make a simple site-to-site.
I have an OpenVPN server and an OpenVPN client.
Each side has one network behind it.
OpenVPN server
WAN static
LAN (192.168.0.0/24)
tunnel network 172.16.100.0/24
OpenVPN client
WAN static
LAN (192.168.10.0/24)
tunnel network 172.16.100.0/24
Routes are made: destination 192.168.10.0/24, gateway 172.16.100.2 on the server (on the client it is similar),
and when I add static NAT everything works, but only from one side (client to server).
Now where do I add the iroute, and can I get a sample?
I guess "iroute 192.168.10.0 255.255.255.0",
but should it be included in the configuration on the server or the client?
-
I think you should try a tap instead of a tun. With tap you should be able to see computers from each side because tap would allow broadcasts to travel throughout both networks. There is a tap patch under packages.
-
Clarification…. Are both ends using PFsense?
-
Clarification…. Are both ends using PFsense?
yes
server route table
client route table
The client is behind an ADSL router provided by the Internet provider; maybe that's the problem?
I tested this and it is not a problem.
I tried several times and the addresses are not the same as in the first post.
-
This happened to me too, but it turned out that I was configuring it on the ONLY ONE computer that can't access my HQ; all the other client computers work just fine. It took me a day to find out that this computer had something wrong with the driver! After I put in a new NIC, it is working fine.
Just some ideas for you.
-
Ok, site to site, pfSense on both ends, forget the iroute. I don't see a route to the 192.168.10.x/24 network on your server… that's why you can't get to the client side. Although, I do see a route to the 192.168.194.0/24 network... which looks like the LAN on the client side... are you sure the client is on the 192.168.10.0/24 network? Might want to double check... cause it doesn't look like it.
Post your server1.conf and client1.conf.
On the client-side, it looks like you're double NATing, so you'll have to either remove it or keep your static route in place (someone correct me if I'm wrong)
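
Added example, not part of any post in this thread: for the earlier question of where `iroute` goes, this is how the pieces fit in a server-mode (SSL/TLS) OpenVPN setup using the LAN and tunnel subnets quoted above. The directory name `ccd` and the client common name `site-b` are assumptions, not values from the thread.

```conf
# --- server configuration (server-mode OpenVPN) ---
# Tunnel network quoted in the thread
server 172.16.100.0 255.255.255.0

# Tell the connecting client how to reach the server-side LAN
push "route 192.168.0.0 255.255.255.0"

# Kernel route on the server: hand client-LAN traffic to OpenVPN
route 192.168.10.0 255.255.255.0

# Directory of per-client files (the name "ccd" is an assumption)
client-config-dir ccd

# --- file ccd/site-b, stored on the server ---
# ("site-b" is an assumed certificate common name for the client)
# OpenVPN-internal route: which connected client owns 192.168.10.0/24.
# Without it the server routes the packet into the tunnel process,
# but OpenVPN does not know which client to deliver it to.
iroute 192.168.10.0 255.255.255.0
```

In a shared-key peer-to-peer tunnel there is only one peer, so `iroute` does not apply and the `route` line for the remote LAN is the part that matters.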