OpenVpn routing

nuage

Hello

I'am using the OpenVPN service.
The WAN IP is 51.XX.XX.53
The LAN IP of the pfsense server is 172.168.0.28
The Lan network is 172.16.0.0/16
The IP Tunnel network is 10.0.0.0/24

The client can access the Openvpn server :
Fri Oct 30 10:08:54 2015 TAP-WIN32 device [Connexion au réseau local 2] opened: \.\Global{0920181E-E5B4-4F9D-8D95-D6422E4650B1}.tap
Fri Oct 30 10:08:54 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {0920181E-E5B4-4F9D-8D95-D6422E4650B1} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
Fri Oct 30 10:08:54 2015 Successful ARP Flush on interface [29] {0920181E-E5B4-4F9D-8D95-D6422E4650B1}
Fri Oct 30 10:08:59 2015 Initialization Sequence Completed
Fri Oct 30 10:19:31 2015 [VPN Server Cert] Inactivity timeout (–ping-restart), restarting
Fri Oct 30 10:19:31 2015 SIGUSR1[soft,ping-restart] received, process restarting
Fri Oct 30 10:19:33 2015 UDPv4 link local (bound): [undef]
Fri Oct 30 10:19:33 2015 UDPv4 link remote: [AF_INET]51.xx.xx.53:1194
Fri Oct 30 10:19:33 2015 [VPN Server Cert] Peer Connection Initiated with [AF_INET]51.xx.xx.53:1194
Fri Oct 30 10:19:35 2015 Preserving previous TUN/TAP instance: Connexion au réseau local 2
Fri Oct 30 10:19:35 2015 Initialization Sequence Completed

The client pings the tunnel IP (10.0.0.1)
The client pings the Lan IP (172.16.0.28)
The client dons't ping the another LAN IP like 172.16.0.22

Can you help me, and tell me how the client can acccess to the LAN ?

![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png)
![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png_thumb)
![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png)
![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png_thumb)
![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png)
![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png_thumb)
![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png)
![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png_thumb)

viragomann

Check to points:

Is pfSense the default gateway at your LAN hosts? If not you have to add a route to direct response to pfSense or use NAT.
Are pings blocked by the hosts firewall?

nuage

Hello,

The ping is enable on the firewall.
The pfsense server can ping the server.
The Lan Host uses another gateway.
I will add a route on the server.

I will give you a feed back.

Regards

nuage

Hello,

On the server 172.160.0.22, the firewall is disable and I have add a route on this server withou success
route ADD 10.0.0.0 MASK 255.255.255.252 172.16.0.28
Have you another idea ?

You can see a Wireshark capture ?

![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png)
![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png_thumb)

viragomann

The mask in route add isn't correct. You need at least 255.255.255.248 to include your VPN IP 10.0.0.6 or you change the net address to 10.0.0.4. But better set the route for the whole VPN tunnel, 10.0.0.0 mask 255.255.255.0.

To make the route persistent add the "-p" option.

nuage

Thank you for your hekp, it's working :)