Netgate Discussion Forum

    OpenVpn routing

      nuage

      Hello

      I'm using the OpenVPN service.
      The WAN IP is 51.XX.XX.53
      The LAN IP of the pfsense server is 172.168.0.28
      The Lan network is 172.16.0.0/16
      The IP Tunnel network is 10.0.0.0/24

      The client can access the OpenVPN server:
      Fri Oct 30 10:08:54 2015 TAP-WIN32 device [Connexion au réseau local 2] opened: \.\Global{0920181E-E5B4-4F9D-8D95-D6422E4650B1}.tap
      Fri Oct 30 10:08:54 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {0920181E-E5B4-4F9D-8D95-D6422E4650B1} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
      Fri Oct 30 10:08:54 2015 Successful ARP Flush on interface [29] {0920181E-E5B4-4F9D-8D95-D6422E4650B1}
      Fri Oct 30 10:08:59 2015 Initialization Sequence Completed
      Fri Oct 30 10:19:31 2015 [VPN Server Cert] Inactivity timeout (--ping-restart), restarting
      Fri Oct 30 10:19:31 2015 SIGUSR1[soft,ping-restart] received, process restarting
      Fri Oct 30 10:19:33 2015 UDPv4 link local (bound): [undef]
      Fri Oct 30 10:19:33 2015 UDPv4 link remote: [AF_INET]51.xx.xx.53:1194
      Fri Oct 30 10:19:33 2015 [VPN Server Cert] Peer Connection Initiated with [AF_INET]51.xx.xx.53:1194
      Fri Oct 30 10:19:35 2015 Preserving previous TUN/TAP instance: Connexion au réseau local 2
      Fri Oct 30 10:19:35 2015 Initialization Sequence Completed

      The client pings the tunnel IP (10.0.0.1)
      The client pings the Lan IP (172.16.0.28)
      The client doesn't ping another LAN IP like 172.16.0.22

      Can you help me, and tell me how the client can access the LAN?

      ![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png)
      ![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png)
      ![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png)
      ![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png)

        viragomann

        Check two points:

        • Is pfSense the default gateway at your LAN hosts? If not, you have to add a route to direct responses to pfSense or use NAT.

        • Are pings blocked by the host's firewall?

          nuage

          Hello,

          Ping is enabled on the firewall.
          The pfSense server can ping the server.
          The LAN host uses another gateway.
          I will add a route on the server.

          I will give you feedback.

          Regards

            nuage

            Hello,

            On the server 172.160.0.22, the firewall is disabled and I have added a route on this server without success:
            route ADD 10.0.0.0 MASK 255.255.255.252 172.16.0.28
            Do you have another idea?

            You can see a Wireshark capture?

            ![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png)

              viragomann

              The mask in route add isn't correct. You need at least 255.255.255.248 to include your VPN IP 10.0.0.6 or you change the net address to 10.0.0.4. But better set the route for the whole VPN tunnel, 10.0.0.0 mask 255.255.255.0.

              To make the route persistent add the "-p" option.

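Added example, not part of either poster's messages: a small Python check of the return route discussed above, using the addresses from this thread (LAN 172.16.0.0/16, pfSense at 172.16.0.28, tunnel 10.0.0.0/24, client 10.0.0.6). The function names are hypothetical; only the standard `ipaddress` module is used.

```python
import ipaddress

def parse_route_add(cmd):
    """Parse a Windows 'route [-p] ADD <dest> MASK <mask> <gateway>' line."""
    tokens = cmd.split()
    upper = [t.upper() for t in tokens]
    if "ADD" not in upper or "MASK" not in upper:
        raise ValueError("expected: route [-p] ADD <dest> MASK <mask> <gateway>")
    dest = tokens[upper.index("ADD") + 1]
    mask_i = upper.index("MASK")
    mask, gateway = tokens[mask_i + 1], tokens[mask_i + 2]
    # strict=True rejects a destination with host bits set for that mask
    network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    return network, ipaddress.ip_address(gateway), "-P" in upper

def check_route(cmd, client_ip, tunnel_net, lan_net):
    """Report whether the return route actually reaches the VPN client."""
    network, gateway, persistent = parse_route_add(cmd)
    return {
        "route": str(network),
        "covers_client": ipaddress.ip_address(client_ip) in network,
        "covers_tunnel": ipaddress.ip_network(tunnel_net).subnet_of(network),
        "gateway_on_lan": gateway in ipaddress.ip_network(lan_net),
        "persistent": persistent,
    }

def narrowest_mask_from(dest, client_ip):
    """Longest mask for which a network starting at dest contains client_ip."""
    client = ipaddress.ip_address(client_ip)
    for prefix in range(32, -1, -1):
        try:
            net = ipaddress.ip_network(f"{dest}/{prefix}", strict=True)
        except ValueError:
            continue  # dest is not a network address at this prefix length
        if client in net:
            return str(net.netmask)
    return None

# Values taken from the thread; the second command is the suggested fix.
POSTED = "route ADD 10.0.0.0 MASK 255.255.255.252 172.16.0.28"
FIXED = "route -p ADD 10.0.0.0 MASK 255.255.255.0 172.16.0.28"

if __name__ == "__main__":
    for cmd in (POSTED, FIXED):
        print(cmd, "->", check_route(cmd, "10.0.0.6", "10.0.0.0/24", "172.16.0.0/16"))
    print("narrowest mask from 10.0.0.0:", narrowest_mask_from("10.0.0.0", "10.0.0.6"))
    print("/30 holding the client:", ipaddress.ip_network("10.0.0.6/30", strict=False))
```

The posted /30 route only covers 10.0.0.0 to 10.0.0.3, so replies to 10.0.0.6 still leave through the host's other gateway.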
                nuage

                Thank you for your help, it's working :)

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.