Routing issue: mobile clients can't reach remote site



  • Hi everyone, I have a bit of an issue that I can't figure out.

    My setup is as follows:

    (Remote office)(Client)==/30tun==>openvpn tun, pre-shared key==>(Main office)(server) This works fine; both sites are working fine and there is no problem.

    Now I have added mobile clients:

    (Remote office)(Client)==/30tun==>openvpn tun, pre-shared key==>(Main office)(server for clients and satellite office)<==openvpn tun for mobile clients (all traffic is routed through the main office)

    The issue I've got is that mobile clients are able to see the main office network but not the remote network.

    Any input is appreciated.



  • Assuming you have firewall rules allowing the traffic on both ends, two things need to happen:

    • You need to push a route for the remote office LAN to your mobile clients

    • You need a return route for your mobile client's tunnel network on the remote end





  • I have tried pushing routes for the two sites to the mobile clients, but I don't think it's needed as I have all traffic from mobile clients going through our main office. Do I still need push routes?



  • OK, found this very useful blog post about the issues I was having and the reason for the error I had. Here is the link:

    http://blog.stefcho.eu/?p=733

    Good read for anyone with a multisite VPN. I still think OSPF would have been a better option, as manual setup is OK for a smaller network, but once you reach a certain size it becomes a full-time occupation to manage.



  • Appears to be a more detailed explanation of what I posted previously. Although, correct me if I'm wrong, I'll assume he meant to add 10.0.7.0/24 to PFsense02 and not 10.123.45.0/24, as it does not appear in his network diagram.



  • No, everything is correct in the blog; you need to add the network so the traffic can return.



  • "you need to add the network so the traffic can return"

    Absolutely, you need a return route for the road warrior tunnel network on PFsense02, so the return traffic gets routed down the tunnel... but if you notice, the road warrior tunnel network is 10.0.7.0/24, not 10.123.45.0/24.

    I'm guessing he was working on multiple documents and posted the wrong subnet by mistake, because 10.123.45.0/24 is nowhere in his diagram.

    Someone please point it out if it's right in front of my face and I'm missing it, but going strictly off the diagram... I don't see any reason for routing 10.123.45.0/24 down the tunnel.
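    The two requirements from the second reply (a route for the remote LAN on the mobile clients, and a return route for the mobile tunnel network on the remote end) and the later point about the return route on PFsense02 can be checked with a small routing model. The script below is an added example, not code from any poster or from the linked blog; all subnets in it are constructed for illustration (the thread does not give the real addressing), and the router names `mobile`, `main` and `remote` are placeholders for the mobile client, the main-office OpenVPN server and the remote-office router.

    ```python
    """Added example (not from the thread): a longest-prefix-match model of the
    poster's topology (remote office <-/30 tunnel-> main office <-> mobile
    clients), used to show why a mobile client reaches the main LAN but not
    the remote LAN when the remote end has no return route. All addresses
    are constructed."""
    from ipaddress import ip_address, ip_network

    # Constructed addressing; the thread does not give the poster's subnets.
    MAIN_LAN = ip_network("192.168.1.0/24")
    REMOTE_LAN = ip_network("192.168.2.0/24")
    SITE_TUNNEL = ip_network("10.0.8.0/30")    # /30 site-to-site tun
    MOBILE_TUNNEL = ip_network("10.0.7.0/24")  # road-warrior tunnel network


    class Router:
        """Forwarding table with longest-prefix match. A next hop of 'local'
        means the destination is directly attached; for the OpenVPN server the
        mobile tunnel counts as attached, since it hands packets to clients."""

        def __init__(self, name, routes):
            self.name = name
            self.routes = {ip_network(n): nh for n, nh in routes.items()}

        def next_hop(self, dst):
            dst = ip_address(dst)
            matches = [n for n in self.routes if dst in n]
            if not matches:
                return None
            return self.routes[max(matches, key=lambda n: n.prefixlen)]


    def trace(routers, start, dst, max_hops=8):
        """Walk next hops from `start` until the destination is attached.
        Returns the routers traversed, or None if some hop has no route."""
        path, current = [start], start
        for _ in range(max_hops):
            nh = routers[current].next_hop(dst)
            if nh is None:
                return None
            if nh == "local":
                return path
            current = nh
            path.append(current)
        return None


    def build(push_remote_route, redirect_gateway, remote_return_route):
        """Build the three forwarding tables for one configuration choice."""
        client = {str(MOBILE_TUNNEL): "local"}
        if redirect_gateway:              # 'all traffic through the main office'
            client["0.0.0.0/0"] = "main"
        if push_remote_route:             # server pushes a route for the remote LAN
            client[str(REMOTE_LAN)] = "main"
        main = {
            str(MAIN_LAN): "local",
            str(MOBILE_TUNNEL): "local",
            str(SITE_TUNNEL): "local",
            str(REMOTE_LAN): "remote",    # reached over the /30 site-to-site tunnel
        }
        remote = {
            str(REMOTE_LAN): "local",
            str(SITE_TUNNEL): "local",
            str(MAIN_LAN): "main",
        }
        if remote_return_route:           # the route the thread says is missing
            remote[str(MOBILE_TUNNEL)] = "main"
        return {name: Router(name, table) for name, table in
                (("mobile", client), ("main", main), ("remote", remote))}


    def check(push_remote_route, redirect_gateway, remote_return_route):
        """Return (forward_path, return_path) for a mobile client talking to a
        host on the remote LAN. Either half being None means the ping fails."""
        routers = build(push_remote_route, redirect_gateway, remote_return_route)
        forward = trace(routers, "mobile", str(REMOTE_LAN[10]))
        back = trace(routers, "remote", str(MOBILE_TUNNEL[6]))
        return forward, back


    if __name__ == "__main__":
        for cfg in [(False, True, False), (False, True, True),
                    (True, False, False), (False, False, True)]:
            print(cfg, check(*cfg))
    ```

    Running it shows the asymmetry behind the original symptom: with all client traffic sent through the main office, the forward path to the remote LAN already exists, but the reply from the remote router has no route for the 10.0.7.0/24 tunnel network until that route is added on the remote end pointing back across the site-to-site tunnel. Without a default route through the main office, the pushed route for the remote LAN is what supplies the forward half.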

