OpenVPN routing



  • Hello

    I am using the OpenVPN service.
    The WAN IP is 51.XX.XX.53
    The LAN IP of the pfsense server is 172.168.0.28
    The Lan network is 172.16.0.0/16
    The IP Tunnel network is 10.0.0.0/24

    The client can access the OpenVPN server:
    Fri Oct 30 10:08:54 2015 TAP-WIN32 device [Connexion au réseau local 2] opened: \.\Global{0920181E-E5B4-4F9D-8D95-D6422E4650B1}.tap
    Fri Oct 30 10:08:54 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {0920181E-E5B4-4F9D-8D95-D6422E4650B1} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
    Fri Oct 30 10:08:54 2015 Successful ARP Flush on interface [29] {0920181E-E5B4-4F9D-8D95-D6422E4650B1}
    Fri Oct 30 10:08:59 2015 Initialization Sequence Completed
    Fri Oct 30 10:19:31 2015 [VPN Server Cert] Inactivity timeout (--ping-restart), restarting
    Fri Oct 30 10:19:31 2015 SIGUSR1[soft,ping-restart] received, process restarting
    Fri Oct 30 10:19:33 2015 UDPv4 link local (bound): [undef]
    Fri Oct 30 10:19:33 2015 UDPv4 link remote: [AF_INET]51.xx.xx.53:1194
    Fri Oct 30 10:19:33 2015 [VPN Server Cert] Peer Connection Initiated with [AF_INET]51.xx.xx.53:1194
    Fri Oct 30 10:19:35 2015 Preserving previous TUN/TAP instance: Connexion au réseau local 2
    Fri Oct 30 10:19:35 2015 Initialization Sequence Completed

    The client pings the tunnel IP (10.0.0.1)
    The client pings the Lan IP (172.16.0.28)
    The client doesn't ping another LAN IP like 172.16.0.22

    Can you help me and tell me how the client can access the LAN?

    ![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png)



  • Check two points:

    • Is pfSense the default gateway on your LAN hosts? If not, you have to add a route to direct responses to pfSense or use NAT.

    • Are pings blocked by the host's firewall?



  • Hello,

    Ping is enabled on the firewall.
    The pfsense server can ping the server.
    The Lan Host uses another gateway.
    I will add a route on the server.

    I will give you feedback.

    Regards



  • Hello,

    On the server 172.160.0.22, the firewall is disabled and I have added a route on this server without success:
    route ADD 10.0.0.0 MASK 255.255.255.252 172.16.0.28
    Do you have another idea?

    You can see a Wireshark capture?

    ![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png)



  • The mask in route add isn't correct. You need at least 255.255.255.248 to include your VPN IP 10.0.0.6, or you change the network address to 10.0.0.4. But it is better to set the route for the whole VPN tunnel, 10.0.0.0 mask 255.255.255.0.

    To make the route persistent add the "-p" option.
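
Why the route with mask 255.255.255.252 had no effect, as an added example that is not part of the original thread: a longest-prefix-match lookup over the LAN host's routing table, showing which gateway a reply to the VPN client 10.0.0.6 is sent to. The default gateway address 172.16.0.1 is an assumption (the thread only says the host uses another gateway); the other addresses come from the posts.

```python
import ipaddress

PFSENSE = "172.16.0.28"    # pfSense LAN IP, the gateway in the thread's route command
OTHER_GW = "172.16.0.1"    # ASSUMED address of the LAN host's other default gateway
VPN_CLIENT = "10.0.0.6"    # tunnel IP handed to the client (from its log)


def next_hop(routes, dst):
    """Return the gateway of the most specific route that contains dst."""
    dst = ipaddress.ip_address(dst)
    best = None
    for network, mask, gateway in routes:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def lan_host_table(added_route):
    """Routing table of the LAN host: default route, LAN on-link, plus one added route."""
    return [
        ("0.0.0.0", "0.0.0.0", OTHER_GW),
        ("172.16.0.0", "255.255.0.0", "on-link"),
        added_route,
    ]


def reply_gateway(network, mask):
    """Gateway used for a reply to the VPN client when 'route ADD network MASK mask' is set."""
    return next_hop(lan_host_table((network, mask, PFSENSE)), VPN_CLIENT)


if __name__ == "__main__":
    candidates = [
        ("10.0.0.0", "255.255.255.252"),  # route from the thread: covers 10.0.0.0-10.0.0.3 only
        ("10.0.0.0", "255.255.255.248"),  # minimum mask that includes 10.0.0.6
        ("10.0.0.4", "255.255.255.252"),  # same mask, network moved to 10.0.0.4
        ("10.0.0.0", "255.255.255.0"),    # whole tunnel network (recommended in the answer)
    ]
    for network, mask in candidates:
        gw = reply_gateway(network, mask)
        verdict = "reaches pfSense" if gw == PFSENSE else "leaves via the other gateway"
        print(f"route ADD {network} MASK {mask} {PFSENSE}: reply to {VPN_CLIENT} {verdict}")
```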



  • Thank you for your help, it's working :)

