SOLVED Routing problems between OpenVPN and LAN servers.
I am having very strange connection issues between my VPN and LAN networks. I hope somebody can help me, because I have spent a lot of time trying to fix i$
I have installed pfSense to use it as an OpenVPN server. The server has one public IP address (xx.xx.xx.xx) and one private IP address (172.16.70.126).
Here is the OpenVPN server config:
keepalive 10 60
server 172.16.120.0 255.255.255.0
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'YYYYYYYY_AD,Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.domain.com' 1"
management /var/etc/openvpn/server1.sock unix
push "route 172.16.70.0 255.255.255.0"
push "dhcp-option DOMAIN domain.com"
push "dhcp-option DNS 172.16.70.110"
tls-auth /var/etc/openvpn/server1.tls-auth 0
On the WAN interface, all traffic from outside is blocked except ICMP and UDP with destination port 1194.
In the LAN and OpenVPN rules, all traffic is allowed.
To test my OpenVPN connection I am using a server in my LAN network, whose IP is 172.16.70.110, and another server outside my LAN. When I connect the outsid$
On my LAN server (172.16.70.110) I added a rule that shows the way to the OpenVPN network:
Tabla de rutas IP del núcleo
Destino Pasarela Genmask Indic Métric Ref Uso Interfaz
0.0.0.0 172.16.70.22 0.0.0.0 UG 0 0 0 eth0
172.16.70.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.120.0 172.16.70.126 255.255.255.0 UG 0 0 0 eth0
If I ping from 172.16.120.6 to 172.16.70.110, it works.
From 172.16.70.110 to 172.16.120.6 it also works.
But I have seen that some packets are lost.
If I try traceroute from 172.16.120.6 to 172.16.70.110, it works:
traceroute to 172.16.70.110 (172.16.70.110), 30 hops max, 60 byte packets
1 172.16.120.1 (172.16.120.1) 29.950 ms 29.935 ms 29.940 ms
2 172.16.70.110 (172.16.70.110) 29.857 ms * *
But if I try the same from my LAN server, it fails:
traceroute -n 172.16.120.6
traceroute to 172.16.120.6 (172.16.120.6), 30 hops max, 60 byte packets
1 172.16.70.126 0.222 ms 0.203 ms 0.207 ms
2 * * *
Because of that I can't connect by SSH or HTTP.
I don't know why, when packets from the LAN arrive at the OpenVPN server, they are dropped, or lost, or I don't know…
Can anybody help me find out what's wrong with my conf, or what I can do to find the problem?
This problem was solved.
The problem was that my pfSense was installed in a Proxmox VM; when I disabled hardware checksum offload, everything began to work fine.
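
Since the fix was disabling checksum offload, one way to confirm that kind of fault is to validate the checksums of packets captured behind the firewall. The Python below is an added example, not part of the original post: it checks the IPv4 header checksum and the TCP/UDP checksum of a raw packet. The sample packet, its ports and payload are constructed, and the "unfinished" form is an assumption about how an uncompleted offloaded checksum looks.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def verify(packet: bytes) -> dict:
    """Validate the IPv4 header checksum and the TCP/UDP checksum of one raw packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, segment = packet[9], packet[ihl:total_len]
    result = {"ip_ok": csum(packet[:ihl]) == 0, "l4_ok": None}
    if proto not in (socket.IPPROTO_TCP, socket.IPPROTO_UDP):
        return result  # only TCP and UDP use the pseudo-header checksum checked here
    if proto == socket.IPPROTO_UDP and segment[6:8] == b"\x00\x00":
        return result  # UDP over IPv4: 0 means the sender computed no checksum
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, len(segment))
    result["l4_ok"] = csum(pseudo + segment) == 0
    return result

def build_udp(src: str, dst: str, payload: bytes, finish_l4: bool = True) -> bytes:
    """Constructed sample packet. With finish_l4=False the UDP checksum field holds
    only the pseudo-header sum, an assumed stand-in for a checksum that was left for
    offload hardware to complete and never was."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp_len = 8 + len(payload)
    pseudo = s + d + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp = struct.pack("!HHHH", 40000, 33434, udp_len, 0) + payload
    field = (csum(pseudo + udp) or 0xFFFF) if finish_l4 else (~csum(pseudo) & 0xFFFF)
    udp = udp[:6] + struct.pack("!H", field) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     socket.IPPROTO_UDP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    return ip + udp

if __name__ == "__main__":
    for label, finish in (("finished", True), ("unfinished", False)):
        pkt = build_udp("172.16.70.110", "172.16.120.6", b"probe-01", finish)
        print(label, verify(pkt))
```

A packet with a valid IP header checksum but a failing TCP/UDP checksum is what a receiver silently discards, which fits ICMP partly working while SSH and HTTP do not.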