4. Unable to access additional subnets on Server side from Remote office.

Unable to access additional subnets on Server side from Remote office.

  • R

    I've searched already and still unable to solve this. I must be missing something simple.

    We're running v.2.2.1 on both routers. We only have a main office and a small remote site. OpenVPN site-to-site has already been configured and working; I'm able to ping the routers from both ends.

    The main office is on a 10.0.0.0/16 network and the remote office is on 10.1.1.0/24. I want the remote office (10.1.1.0/24) to be able to access the servers/machines/resources that are in all the subnets at the main office (e.g. 10.0.1.100, 10.0.127.10, 10.0.1.111)

    Where/how do I enter routes properly? Under "Advanced Configuration" in the OpenVPN setting, I've tried to add "route 10.0.1.0 255.255.255.0" on both server side and client side but it's not working.

    0
  • M

    When you setup the Open-VPN you specify the remote networks within Open-VPN. Also make sure you look at your rules and allow the traffic. Other than doing that you should be good to go.

    0
  • R

    That's what I had figured too but I must be missing something. Ports are open and set to any/any.

    Server side:

    Client side

    0
  • D
    Banned

    Uh… your tunnel is inside the /16. Please, sanitize your network design. Very much doubt you have 65K hosts. And while at it, stay totally out of 10.0.0.*

    0
  • R

    @doktornotor:

    Uh… your tunnel is inside the /16. Please, sanitize your network design. Very much doubt you have 65K hosts. And while at it, stay totally out of 10.0.0.*

    Yes, aware of that. It was inherited when I joined and will be scrubbed once we migrate to a new location in the near future.

    0
  • D
    Banned

    Well, it needs to be fixed NOW. It will not work. Either fix the /16 or move the tunnel to some other RFC1918 range.

    0
  • P

    You really just need to change the tunnel network to some private IP space different from any of your other private LAN subnets - 2 minutes, simple.
    I wish people would also think when setting up these things, rather than just clicking and entering exactly what they see in some on-line guide!
    I have some code in progress to try and prevent this, so it will give a validation error if you try to save an OpenVPN with a tunnel network that overlaps any other network.

    0

  • That sounds like a nice "dummy proofing" patch. I sometimes start going cross-eyed when staring at my lists of subnets for all the various tunnels / VLANs / etc.  I often make use of a handy tool called subnetcalc to check for overlapping IP ranges. If you're on a Mac and use Homebrew it's available via brew install subnetcalc

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy