Where is the "local networks"/"remote networks" setting after wizard?
-
during the initial setup of a vpn server one can specify "local networks" and "remote networks" as shown on the png below:
https://doc.pfsense.org/images/3/30/OpenVPN-s2s-vork-02.png
i need to add networks there, but on the openvpn-settings tab it's not included. where are those routes editable?
thx! -
Not sure what you mean by "openvpn-settings tab". From the menus, VPN->OpenVPN, Server tab, edit the server you want.
-
under "tunnel settings"
https://doc.pfsense.org/images/thumb/3/30/OpenVPN-s2s-vork-02.png/700px-OpenVPN-s2s-vork-02.png
there are two fields: ipv4 local networks and ipv4 remote networks
after setting up the server, in openvpn-edit-server option "remote networks" is gone.
anyway, i added all networks to ipv4 local networks and also if i enable "redirect gateway" - i can reach all networks with the openvpn clients. so far so good. what i would like is to make the openvpn client internet traffic be routed through the openvpn server that pfsense connects (enabled redirect gateway on the client) but problem is android can't see 10.10.0.0:
10.15.0.6 (android) --> pfsense openvpn server --> pfsense openvpn client --> linux openvpn server 10.10.0.1
although i can reach the other lan networks from the android (192.168.1.0 and 192.168.15.0) i can't reach 10.10.0.0
-
Ahh - Remote Networks is not displayed for that sort of "Road Warrior" server, because that sort of server is not designed to be routing from the server out to some client "office" subnet. The wizard gives all the fields to type in, I don't think it has script to hide/display various fields depending on the type of server you have picked.
That reachability should be just a matter of checking that all routers along the way know routes to/from all the various subnets, and that firewalls along the way are permitting packets to/from those subnets.
On pfSense OpenVPN server:
Local Networks - put something like 192.168.1.0/24,192.168.15.0/24,10.10.0.0/16
OpenVPN firewall rules - pass all that stuff (and more if that is then the way to the whole internet), and pass 10.15.0.0/16 as it comes back from Linux OpenVPN server.
Linux OpenVPN server:
Tell it that the pfSense client has 192.168.1.0/24,192.168.15.0/24,10.15.0.0/16 (whatever those networks are) reachable behind it.
Pass all the relevant networks.
traceroute/tracert should be your friend - use that to/from parts of the network and see where the traffic is hopping, and where it is not returning. That will give clues about which hop has router or firewall issues.
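Added example, not part of the original posts: one way to tell the Linux OpenVPN server which networks sit behind the pfSense client, as the reply above describes. It assumes the Linux side runs in multi-client server mode on a tun device; the file paths and the client name `pfsense-client` are hypothetical.

```conf
# ==== /etc/openvpn/server.conf on the Linux OpenVPN server (path assumed) ====

# Kernel routes: send traffic for the networks behind pfSense into the tunnel.
# Without these, replies to 10.15.0.6 leave via the default gateway instead.
route 192.168.1.0  255.255.255.0
route 192.168.15.0 255.255.255.0
route 10.15.0.0    255.255.0.0

# Per-client options are read from this directory. The file name must match
# the certificate common name the pfSense client connects with.
client-config-dir /etc/openvpn/ccd

# ==== /etc/openvpn/ccd/pfsense-client (hypothetical common name) ====

# OpenVPN-internal routes: of all connected clients, this one owns these
# networks. "route" alone gets packets to the OpenVPN process, "iroute"
# tells it which client to hand them to. Both are needed.
iroute 192.168.1.0  255.255.255.0
iroute 192.168.15.0 255.255.255.0
iroute 10.15.0.0    255.255.0.0
```

With this in place, a traceroute from the Linux side towards 10.15.0.6 should show the pfSense tunnel address as the next hop; if it stops there, look at the pfSense OpenVPN firewall rules next.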