Netgate Discussion Forum
    SOLVED Routing problems between OpenVPN and LAN servers.

    2 Posts 1 Posters 963 Views
    aayllon:

      Hello.

      I am having very strange connection issues between my VPN and LAN networks. I hope somebody can help me, because I have spent a lot of time trying to fix i$

      I have installed pfSense to use it as an OpenVPN server; the server has one public IP address (xx.xx.xx.xx) and one private IP address (172.16.70.126).

      Here is OpenVPN server config:

      dev ovpns1
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local xx.xx.xx.xx
      tls-server
      server 172.16.120.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'YYYYYYYY_AD,Local Database' false server1" via-env
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.domain.com' 1"
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      push "route 172.16.70.0 255.255.255.0"
      push "dhcp-option DOMAIN domain.com"
      push "dhcp-option DNS 172.16.70.110"
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.1024
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      persist-remote-ip
      float

      On the WAN interface all traffic from outside is blocked except ICMP and UDP with destination port 1194.
      In the LAN and OpenVPN rules all traffic is allowed.

      To test my OpenVPN connection I am using a server in my LAN network, whose IP is 172.16.70.110, and another server outside my LAN. When I connect the outsid$

      On my LAN server (172.16.70.110) I added a rule that shows the way to the OpenVPN network:

      route -n
      Tabla de rutas IP del núcleo
      Destino         Pasarela        Genmask         Indic  Métric  Ref  Uso  Interfaz
      0.0.0.0         172.16.70.22    0.0.0.0         UG     0       0    0    eth0
      172.16.70.0     0.0.0.0         255.255.255.0   U      0       0    0    eth0
      172.16.120.0    172.16.70.126   255.255.255.0   UG     0       0    0    eth0

      If I try to ping from 172.16.120.6 to 172.16.70.110, it works.
      From 172.16.70.110 to 172.16.120.6 it works also.

      But I have seen that some packets are lost.

      If I try traceroute from 172.16.120.6 to 172.16.70.110, it works:

      traceroute 172.16.70.110
      traceroute to 172.16.70.110 (172.16.70.110), 30 hops max, 60 byte packets
      1  172.16.120.1 (172.16.120.1)  29.950 ms  29.935 ms  29.940 ms
      2  172.16.70.110 (172.16.70.110)  29.857 ms * *

      But if I try the same from my LAN server it fails:

      traceroute -n 172.16.120.6
      traceroute to 172.16.120.6 (172.16.120.6), 30 hops max, 60 byte packets
      1  172.16.70.126  0.222 ms  0.203 ms  0.207 ms
      2  * * *
      .
      .
      .

      Because of that I can't connect by SSH or HTTP.

      I don't know why packets from the LAN are dropped or missed when they arrive at the OpenVPN server, or I don't know…

      Can anybody help me find out what's wrong with my config, or what I can do to find the problem?

      Thanks.

      Attachments: 1.jpg, 2.jpg

      aayllon:

        This problem was solved.

        The problem was that my pfSense was installed in a Proxmox VM; when I disabled hardware checksum offload everything began to work fine.
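As an added diagnostic example (not from the original poster or from pfSense), the following Python script parses `tcpdump -vv -n` output captured on the LAN host and counts, per source/destination pair, the packets tcpdump flags with a bad IP header checksum or an incorrect TCP/UDP checksum, which is how a checksum-offload problem of the kind described in this thread tends to show up from the receiving side. The capture text is constructed to match the thread's addresses and is not a real capture.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed `tcpdump -vv -n -i eth0 net 172.16.120.0/24` output as it might
# look on the LAN server (172.16.70.110); invented for this example.
SAMPLE_CAPTURE = """\
10:00:00.000001 IP (tos 0x0, ttl 63, id 101, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->7c1e)!)
    172.16.120.6.40000 > 172.16.70.110.22: Flags [S], cksum 0x0000 (incorrect -> 0x9a3b), seq 1, win 64240, length 0
10:00:00.000050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.16.70.110.22 > 172.16.120.6.40000: Flags [S.], cksum 0x4d2e (correct), seq 500, ack 2, win 65160, length 0
10:00:01.000001 IP (tos 0x0, ttl 63, id 102, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.120.6 > 172.16.70.110: ICMP echo request, id 7, seq 1, length 64
10:00:02.000001 IP (tos 0x0, ttl 63, id 103, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->7c1d)!)
    172.16.120.6.40001 > 172.16.70.110.80: Flags [S], cksum 0x0000 (incorrect -> 0x11aa), seq 1, win 64240, length 0
"""

# A record starts with a timestamp; the indented next line carries the addresses.
RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def records(lines: Iterable[str]) -> List[str]:
    """Join each tcpdump -vv header line with its indented continuation line."""
    out: List[str] = []
    for line in lines:
        if RECORD_START.match(line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def checksum_report(capture: str) -> Dict[str, Counter]:
    """Per 'src -> dst' pair: total packets, packets with a bad IP header
    checksum, and packets with an incorrect transport (TCP/UDP) checksum."""
    report: Dict[str, Counter] = {}
    for rec in records(capture.splitlines()):
        m = FLOW.search(rec)
        if not m:
            continue
        counts = report.setdefault(f"{m.group(1)} -> {m.group(2)}", Counter())
        counts["packets"] += 1
        if "bad cksum" in rec:            # IPv4 header checksum flagged by tcpdump
            counts["bad_ip_cksum"] += 1
        if "(incorrect ->" in rec:        # TCP/UDP checksum flagged by tcpdump
            counts["bad_l4_cksum"] += 1
    return report

if __name__ == "__main__":
    for flow, counts in checksum_report(SAMPLE_CAPTURE).items():
        print(flow, dict(counts))
```

Run the capture on the receiving host, not on the offloading VM itself: a capture taken on the host whose NIC does the offload shows incorrect checksums for its own outbound packets even when nothing is wrong, because the hardware fills them in after the capture point.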

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.