Netgate Discussion Forum

    Routing from one VPN to another

      ThomasJ

      Hi All,

      I've been trying to get this going for a few days… and I think it's time to finally admit defeat.

      My network looks like this:

      The road warrior can see 10.1.0.0/16, Site A and B can see each others respective subnets.

      The only issue I have is - I want to be able to see the site A VPN from the road warrior - without having to have a separate VPN tunnel open on the road warrior.

      I've tried to push "route 10.0.0.0 255.255.0.0" in the custom options for the road warrior server config.

      I've also tried to allow any traffic originating from anywhere to be let through the firewall in case it was that.

      Other than that, I just followed the OpenVPN guide http://pfsense.org/index.php?id=36 for both types of VPN.

      Any help would be very much appreciated!

        GruensFroeschli

        A diagram would help.

        (does your site A know the route to your roadwarrior subnet?)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          ThomasJ

          Sorry about that - I was sure I put in the link in my original post to the image….

          http://privtpj.com/Drawing1.jpg

            ThomasJ

            @GruensFroeschli:

            (does your site A know the route to your roadwarrior subnet?)

            That was all the help I needed :)

            Just added a static route to Site A router to tell it to gateway 10.253.0.0/24 through 10.1.0.1 :)

            Thanks for your help

              faflu

              @ThomasJ:

              @GruensFroeschli:

              (does your site A know the route to your roadwarrior subnet?)

              That was all the help I needed :)

              Just added a static route to Site A router to tell it to gateway 10.253.0.0/24 through 10.1.0.1 :)

              Thanks for your help

              I have the same problem but I'm less skilled. Can you quote exactly what to do on the servers? Isn't it necessary to make changes to the routing table on the road warrior's side?

                GruensFroeschli

                I've tried to push "route 10.0.0.0 255.255.0.0" in the custom options for the road warrior server config.

                This custom option pushes the necessary route changes to the road warrior.
                -> OpenVPN changes the routing table dynamically.

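The two changes discussed above (the route pushed to the road warrior and the static return route on Site A), as an added example that is not part of the thread: a small Python model that traces a packet hop by hop with longest-prefix matching, in both directions. The subnets and 10.1.0.1 (Site B) come from the posts; the host addresses, node names and default routes are assumptions.

```python
import ipaddress

# Constructed model of the thread's topology. Subnets come from the posts;
# host addresses, node names and the "internet" default routes are assumptions.
RW_ADDR, SITE_A_HOST = "10.253.0.6", "10.0.0.50"

def build_tables(push_route, return_route):
    """Per-node routing tables as (network, next hop) pairs."""
    rw = [("10.253.0.0/24", "local"), ("10.1.0.0/16", "siteB"), ("0.0.0.0/0", "internet")]
    if push_route:      # push "route 10.0.0.0 255.255.0.0" on the road warrior server
        rw.append(("10.0.0.0/16", "siteB"))
    site_a = [("10.0.0.0/16", "local"), ("10.1.0.0/16", "siteB"), ("0.0.0.0/0", "internet")]
    if return_route:    # static route on Site A: 10.253.0.0/24 via 10.1.0.1 (Site B)
        site_a.append(("10.253.0.0/24", "siteB"))
    site_b = [("10.1.0.0/16", "local"), ("10.253.0.0/24", "roadwarrior"),
              ("10.0.0.0/16", "siteA"), ("0.0.0.0/0", "internet")]
    return {"roadwarrior": rw, "siteA": site_a, "siteB": site_b}

def trace(tables, start, dst):
    """Follow longest-prefix-match decisions hop by hop and return the path."""
    addr, node, path = ipaddress.ip_address(dst), start, [start]
    while len(path) < 8:                           # hop limit guards against loops
        matches = [(ipaddress.ip_network(net), hop) for net, hop in tables[node]
                   if addr in ipaddress.ip_network(net)]
        if not matches:
            return path + ["no route"]
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop == "local":
            return path + ["delivered"]
        path.append(hop)
        if hop == "internet":                      # private address sent out the WAN: lost
            return path
        node = hop
    return path + ["loop"]

def round_trip(push_route, return_route):
    """Trace request and reply; traffic only works if both directions are delivered."""
    tables = build_tables(push_route, return_route)
    out = trace(tables, "roadwarrior", SITE_A_HOST)
    back = trace(tables, "siteA", RW_ADDR)
    return out, back, out[-1] == back[-1] == "delivered"

if __name__ == "__main__":
    for push, ret in [(False, False), (True, False), (True, True)]:
        out, back, ok = round_trip(push, ret)
        print(f"push={push} return={ret} ok={ok}\n  out : {out}\n  back: {back}")
```

With only the pushed route, the request reaches Site A but the reply follows Site A's default route, which matches the original post's symptom.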
                  kamil.maciejewski

                  So here I have almost the same problem, which I cannot solve. We have a main LAN network and two VPNs. From the LAN I can connect to each VPN, and from each VPN I can connect to the LAN, but I can't connect from one VPN to the other VPN. I tried to add a route on the client computer and add a static route on the router, but still I can't connect. Does anyone know how to bridge those two VPNs so they see each other?
                  The map is: VPN1: 192.168.3.0/24 --- LAN: 192.168.2.0/24 --- VPN2: 129.1.0.0/24
                  I tried to add a static route on the server:

                  Interface  Network       Gateway    Description
                  WAN        129.1.1.0/24  129.1.1.1  vpn_route_test

                  But it didn't help :(

                  First I needed to add a route on the client; the default one was only for the main LAN. Now the routing table looks like this:
                  Kernel IP routing table
                  Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
                  192.168.3.1    192.168.3.9    255.255.255.255 UGH  0      0        0 tun0
                  192.168.3.9    *              255.255.255.255 UH    0      0        0 tun0
                  localnet        *              255.255.255.252 U    0      0        0 eth0
                  129.1.1.0      192.168.3.9    255.255.255.0  UG    0      0        0 tun0
                  192.168.2.0    192.168.3.9    255.255.255.0  UG    0      0        0 tun0
                  default        gkw77.internetd 0.0.0.0        UG    0      0        0 eth0

                  But still I can't connect. Anyone know why?

                    GruensFroeschli

                    Please draw a diagram of your setup.
                    Is this a PKI or PSK setup?
                    You cannot bridge these VPNs together. You can only route them.

                    DO NOT use 129.1.0.0/24 as a subnet.
                    192.168.0.0/16
                    172.16.0.0/12
                    10.0.0.0/8
                    are allowed private ranges.

                    Can you post the config files from both clients and the server?
                    Is there another network behind your clients?
                    From where are you testing? How are you testing?
                    http://forum.pfsense.org/index.php/topic,7001.0.html

                      kamil.maciejewski


                      I'm checking settings trying to connect from Net2 to Net1 - of course the only way is to route this through Net0 using both VPNs. Now it should be easier to understand. The main VPN server in Net0 is pfSense.
