SOLVED Routing problems between OpenVPN and LAN servers.
-
Hello.
I am having very strange connection issues between my VPN and LAN networks. I hope somebody can help me, because I have spent a lot of time trying to fix i$
I have installed pfSense to use it as an OpenVPN server; the server has one public IP address (xx.xx.xx.xx) and one private IP address (172.16.70.126).
Here is the OpenVPN server config:
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xx.xx.xx.xx
tls-server
server 172.16.120.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'YYYYYYYY_AD,Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.domain.com' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 172.16.70.0 255.255.255.0"
push "dhcp-option DOMAIN domain.com"
push "dhcp-option DNS 172.16.70.110"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float
On the WAN interface all traffic from outside is blocked except ICMP and UDP with destination port 1194.
In the LAN and OpenVPN rules all traffic is allowed.
To test my OpenVPN connection I am using a server in my LAN network, whose IP is 172.16.70.110, and another server outside my LAN. When I connect the outsid$
On my LAN server (172.16.70.110) I added a rule that shows the way to the OpenVPN network:
route -n
Tabla de rutas IP del núcleo
Destino Pasarela Genmask Indic Métric Ref Uso Interfaz
0.0.0.0 172.16.70.22 0.0.0.0 UG 0 0 0 eth0
172.16.70.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.120.0 172.16.70.126 255.255.255.0 UG 0 0 0 eth0
If I try ping from 172.16.120.6 to 172.16.70.110, it works.
From 172.16.70.110 to 172.16.120.6 it works also. But I have seen that some packets are lost.
If I try traceroute from 172.16.120.6 to 172.16.70.110, it works:
traceroute 172.16.70.110
traceroute to 172.16.70.110 (172.16.70.110), 30 hops max, 60 byte packets
1 172.16.120.1 (172.16.120.1) 29.950 ms 29.935 ms 29.940 ms
2 172.16.70.110 (172.16.70.110) 29.857 ms * *
But if I try the same from my LAN server it fails:
traceroute -n 172.16.120.6
traceroute to 172.16.120.6 (172.16.120.6), 30 hops max, 60 byte packets
1 172.16.70.126 0.222 ms 0.203 ms 0.207 ms
2 * * *
.
.
.
Because of that I can't connect by SSH or HTTP.
I don't know why packets from the LAN that arrive at the OpenVPN server are dropped, or lost, or I don't know…
Can anybody help me find out what's wrong with my conf, or what I can do to find the problem?
Thanks.
-
This problem was solved.
The problem was that my pfSense was installed in a Proxmox VM; when I disabled hardware checksum offload everything began to work fine.
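As an added example (not code from the thread or from pfSense), a small POSIX shell check that reads a FreeBSD/pfSense interface's ifconfig output, lists which hardware checksum offload flags are still enabled, and prints the one-off ifconfig command that clears them. The interface name vtnet0 and the ifconfig output embedded below are constructed assumptions; the lasting fix on pfSense remains the GUI option under System > Advanced > Networking ("Disable hardware checksum offload").

```shell
#!/bin/sh
# Added example, not from the original thread: report which hardware checksum
# offload flags a FreeBSD/pfSense NIC advertises in its ifconfig "options="
# line, and print the ad-hoc ifconfig command that clears them.
# vtnet0 and the output below are constructed (vtnet is the usual virtio NIC
# under Proxmox); on a real box pass "$(ifconfig vtnet0)" instead.

SAMPLE_IFCONFIG='vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:00:00:00:00:01
        inet 172.16.70.126 netmask 0xffffff00 broadcast 172.16.70.255'

# Checksum offload capability names exactly as FreeBSD ifconfig prints them.
CSUM_FLAGS='RXCSUM|TXCSUM|VLAN_HWCSUM|RXCSUM_IPV6|TXCSUM_IPV6'

# csum_offload_flags "<ifconfig output>"
# Prints the enabled checksum offload flags, one per line.
# Exit status 0 if at least one is enabled, 1 if none (grep's status).
csum_offload_flags() {
    printf '%s\n' "$1" |
        sed -n 's/.*options=[0-9a-fA-F]*<\([^>]*\)>.*/\1/p' |
        tr ',' '\n' |
        grep -E "^($CSUM_FLAGS)\$"
}

# csum_offload_disable_cmd <ifname>
# Prints the ifconfig command that turns checksum offload off on <ifname>
# until the next reboot or interface reconfiguration (non-persistent).
csum_offload_disable_cmd() {
    printf 'ifconfig %s -rxcsum -txcsum -rxcsum6 -txcsum6 -vlanhwcsum\n' "$1"
}

# Stand-alone run: show the enabled flags and the clearing command.
if csum_offload_flags "$SAMPLE_IFCONFIG" >/dev/null; then
    echo "checksum offload enabled on vtnet0:"
    csum_offload_flags "$SAMPLE_IFCONFIG"
    csum_offload_disable_cmd vtnet0
else
    echo "no checksum offload flags enabled on vtnet0"
fi
```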