Routing from one VPN to another



  • Hi All,

    I've been trying to get this going for a few days… and I think it's time to finally admit defeat.

    My network looks like this:

    The road warrior can see 10.1.0.0/16, Site A and B can see each others respective subnets.

    The only issue I have is - I want to be able to see the site A VPN from the road warrior - without having to have a separate VPN tunnel open on the road warrior.

    I've tried to push "route 10.0.0.0 255.255.0.0" in the custom options for the road warrior server config.

    I've also tried to allow any traffic originating from anywhere to be let through the firewall in case it was that.

    Other than that, I just followed the OpenVPN guide http://pfsense.org/index.php?id=36 for both types of VPN.

    Any help would be very much appreciated!



  • a diagram would help

    (does your site A know the route to your roadwarrior subnet?)



  • Sorry about that - I was sure I put in the link in my original post to the image….

    http://privtpj.com/Drawing1.jpg



  • @GruensFroeschli:

    (does your site A know the route to your roadwarrior subnet?)

    That was all the help I needed :)

    Just added a static route to Site A router to tell it to gateway 10.253.0.0/24 through 10.1.0.1 :)

    Thanks for your help
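
Added example, not part of the original posts: a small Python model of the fix described above, showing that the pushed route only makes the request routable and the reply is lost until Site A has a route back to 10.253.0.0/24. The node names, the host addresses 10.253.0.6 and 10.0.0.20, the default route to "wan", and the assumption that Site B (10.1.0.1) terminates the road warrior tunnel are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next-hop name, "local", or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Walk next hops from start toward dst. Returns (delivered, path)."""
    node, path = start, [start]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return False, path          # dropped: this node has no route
        if hop == "local":
            return True, path           # delivered on this node's own network
        node = hop
        path.append(node)
    return False, path                  # routing loop

def round_trip(tables, src_node, src_ip, dst_ip):
    """A connection works only if the request AND the reply are routable."""
    ok, fwd = trace(tables, src_node, dst_ip)
    if not ok:
        return {"ok": False, "failed": "request", "path": fwd}
    ok, back = trace(tables, fwd[-1], src_ip)
    return {"ok": ok, "failed": None if ok else "reply", "path": back}

def build_tables(site_a_has_return_route):
    site_a = {"10.0.0.0/16": "local", "10.1.0.0/16": "site_b", "0.0.0.0/0": "wan"}
    if site_a_has_return_route:
        site_a["10.253.0.0/24"] = "site_b"   # the static route via 10.1.0.1
    return {
        "roadwarrior": {"10.253.0.6/32": "local", "10.253.0.0/24": "site_b",
                        "10.1.0.0/16": "site_b", "10.0.0.0/16": "site_b"},
        "site_b": {"10.1.0.0/16": "local", "10.0.0.0/16": "site_a",
                   "10.253.0.6/32": "roadwarrior"},
        "site_a": site_a,
        "wan": {},                           # private ranges are not routed here
    }

RW_IP, HOST_A = "10.253.0.6", "10.0.0.20"    # constructed sample addresses
before = round_trip(build_tables(False), "roadwarrior", RW_IP, HOST_A)
after = round_trip(build_tables(True), "roadwarrior", RW_IP, HOST_A)
print(before)
print(after)
```
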



  • @ThomasJ:

    @GruensFroeschli:

    (does your site A know the route to your roadwarrior subnet?)

    That was all the help I needed :)

    Just added a static route to Site A router to tell it to gateway 10.253.0.0/24 through 10.1.0.1 :)

    Thanks for your help

    I have the same problem but I'm less skilled. Can you quote exactly what to do on the servers? Isn't it necessary to make changes to the routing table on the road warrior's side?



  • I've tried to push "route 10.0.0.0 255.255.0.0" in the custom options for the road warrior server config.

    This custom option pushes the necessary route changes to the road warrior.
    -> OpenVPN changes the routing table dynamically.



  • So here I have almost the same problem, which I cannot solve - we have here a main LAN network and two VPNs - from the LAN I can connect to each VPN, and from each VPN I can connect to the LAN, but I can't connect from one VPN to the other VPN. I tried to add a route on the client computer and add a static route on the router, but still I can't connect - does anyone know how to bridge those two VPNs to see each other?
    The map is: VPN1: 192.168.3.0/24 --- LAN: 192.168.2.0/24 --- VPN2: 129.1.0.0/24
    I tried to add a static route on the server:

    Interface  Network  Gateway  Description

    WAN 129.1.1.0/24 129.1.1.1 vpn_route_test

    But it didn't help :(

    First I needed to add a route on the client, the default one was only for the main LAN; now the routing table looks like this:
    Kernel IP routing table
    Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
    192.168.3.1    192.168.3.9    255.255.255.255 UGH  0      0        0 tun0
    192.168.3.9    *              255.255.255.255 UH    0      0        0 tun0
    localnet        *              255.255.255.252 U    0      0        0 eth0
    129.1.1.0      192.168.3.9    255.255.255.0  UG    0      0        0 tun0
    192.168.2.0    192.168.3.9    255.255.255.0  UG    0      0        0 tun0
    default        gkw77.internetd 0.0.0.0        UG    0      0        0 eth0

    But still I can't connect. Anyone know why?



  • Please draw a diagram of your setup.
    Is this a PKI or PSK setup?
    You cannot bridge these VPNs together. You can only route them.

    DO NOT use 129.1.0.0/24 as a subnet.
    192.168.0.0/16
    172.16.0.0/12
    10.0.0.0/8
    are allowed private ranges.

    Can you post the config files from both clients and the server?
    Is there another network behind your clients?
    From where are you testing? How are you testing?
    http://forum.pfsense.org/index.php/topic,7001.0.html




  • I'm checking settings trying to connect from Net2 to Net1 - of course the only way is to route this through Net0 using both VPNs. Now it should be easier to understand. The main VPN server in Net0 is pfSense.

