Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Site-to-Site VPN need to access network openvpn server is on through VPN

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    4
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      ke6igz
      last edited by

      I have a Site-to-Site open VPN tunnel setup between our two offices. Both office have pfsense boxes. Eveything is working fine except I want to be able to access the network the openvpn server is on through the openvpn tunnel. If I add a route to that network using the openvpn tunnel the openvpn link drops because it can not connect to the open vpn server anymore. Here is the setup

      remote openvpn server: 64.208.129.103
      remote subnet:  64.208.129.103/24

      I want to be able to connect to for example: 64.208.129.14 through the openvpn link. I have setup several routes for other networks that are behind the openvpn server and they route just fine. Just not for the network the openvpn server itself is on.

      Is this possible? Any help will be greatly appreciated.

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        remote openvpn server: 64.208.129.103
        remote subnet:  64.208.129.103/24

        What kind of setup is that where the remote endpoint is at the same time part of the remote subnet?

        Are you sure there is no other way?
        You could try to add a static route to the remote openVPN server address to force traffic to this IP always out the WAN.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • K
          ke6igz
          last edited by

          The configuration goes like this. We have two sites: Main office and our datacenter. I have a pfsense box at the data center and at the main office. The main office has a private network that is natted to a public IP. The data center has several networks that are public internet networks. We could access the networks at the datacenter directly with no VPN but that would not be secure. I setup a OpenVPN link between the two pfsense boxes and have added static routes to force all traffic to the public networks at the datacenter through the VPN link. This works great but I was not able to access the network that the datacenter pfsense box sits on through the VPN. Your suggestion seems to have worked. I added a static route for 64.208.129.103/32 (Datacenter Pfsense box) who's gateway is our WAN gateway. Then I added a 64.208.129.0/24 route with the OpenVPN link as the gateway.

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Then I added a 64.208.129.0/24 route with the OpenVPN link as the gateway.

            I wouldnt add routes like these static.
            You can just add the -route command to your config.
            OpenVPN adds these routes dynamically when the tunnel comes up and removes them when it goes down.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post