Netgate Discussion Forum

Reverse Routing to LAN Problem (SOLVED)

  • J
    jarrad
    last edited by Dec 22, 2015, 11:09 PM Dec 22, 2015, 10:43 AM

    Hi All

    Hoping someone can point me in the right direction.

    I have the OpenVPN server configured and, thanks to DocNok, I have my route being pushed correctly, but something with it isn't working 100%. To explain:

    LAN -> 192.168.1.0/24 - IF address 192.168.1.1 static
    OVPN -> 10.8.0.0/24 - IF address 10.8.0.1 (I'm not sure how this is set)

    I created an interface from the OVPN server as OVPNS2
    There is a rule on this gateway to allow all from all and to exit via OVPNS2 interface as a gateway
    The OVPN server pushes a route for 192.168.1.0/24 and uses 10.8.0.1 as the gateway

    On the LAN side, there is a rule that says any traffic from the LAN net to 10.8.0.0/24 is to exit via the OVPNS2 gateway

    A random IP on the LAN side, say 192.168.1.243 can ping to a client in the VPN - 10.8.0.2 with no issues
    The VPN client on the other hand 10.8.0.2, can ping the router of 192.168.1.1 but cannot ping LAN clients such as 192.168.1.243

    I am expecting it is a routing issue with the network 192.168.1.0/24 not being advertised somehow.

    To assist, routing tables:
    OVPN Client:

    
    0.0.0.0         privateIP   0.0.0.0         UG    0      0        0 eth0
    10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
    privateIP   0.0.0.0         255.255.192.0   U     0      0        0 eth0
    192.168.1.0     10.8.0.1        255.255.255.0   UG    0      0        0 tun0
    
    

    pfSense:

    
    Destination        Gateway            Flags      Netif Expire
    default            172.20.19.196      UGS      ovpnc1
    10.1.1.0/24        link#1             U           re0
    10.1.1.2           link#1             UHS         lo0
    10.8.0.0/24        10.8.0.1           UGS      ovpns2
    10.8.0.1           link#7             UHS         lo0
    10.8.0.2           link#7             UH       ovpns2
    127.0.0.1          link#5             UH          lo0
    172.20.16.0/22     172.20.19.196      UGS      ovpnc1
    172.20.16.1        link#8             UH       ovpnc1
    172.20.19.196      link#8             UHS         lo0
    192.168.1.0/24     link#2             U           re1
    192.168.1.1        link#2             UHS         lo0
    192.168.8.0/24     link#9             U           ue0
    192.168.8.101      link#9             UHS         lo0
    
    

    Can anyone assist please?

    Please let me know if screenshots will make this easier.

    • J
      jarrad
      last edited by Dec 22, 2015, 11:08 PM

      Never mind, worked it out.

      In my rule for OVPNS2 of allow all to destination all I had forced the gateway to be OVPNS instead of default, aka system routing table. This meant I was rerouting packets back out through the existing gateway and not letting pfSense handle the routing.

      Thanks all!

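The fix described in the thread, as an added example that is not part of the original posts: a simplified model of the next-hop decision using the pfSense routing table posted above, comparing a pass rule that forces a gateway with one left on default. The function names and the `GATEWAYS` mapping are hypothetical, and the model assumes a forced gateway bypasses the system routing table entirely, as the poster describes.

```python
import ipaddress

# System routing table, copied from the pfSense output in the post
# (destination, gateway, interface); host routes are omitted.
ROUTES = [
    ("0.0.0.0/0", "172.20.19.196", "ovpnc1"),
    ("10.1.1.0/24", "link#1", "re0"),
    ("10.8.0.0/24", "10.8.0.1", "ovpns2"),
    ("172.20.16.0/22", "172.20.19.196", "ovpnc1"),
    ("192.168.1.0/24", "link#2", "re1"),
    ("192.168.8.0/24", "link#9", "ue0"),
]

# Assumed from the post: the OVPNS2 gateway is 10.8.0.1 on interface ovpns2.
GATEWAYS = {"OVPNS2": ("10.8.0.1", "ovpns2")}


def system_lookup(dst):
    """Longest-prefix match against the system routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(net), gw, ifc)
        for net, gw, ifc in ROUTES
        if addr in ipaddress.ip_network(net)
    ]
    # The default route always matches, so the list is never empty.
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc


def egress(dst, rule_gateway=None):
    """Next hop for a packet passed by a firewall rule.

    rule_gateway=None models "default" (use the system routing table);
    a gateway name models a rule that forces that gateway.
    """
    if rule_gateway is not None:
        return GATEWAYS[rule_gateway]
    return system_lookup(dst)


if __name__ == "__main__":
    dst = "192.168.1.243"  # LAN host the VPN client could not ping
    print("rule forces OVPNS2:", egress(dst, "OVPNS2"))  # back out the tunnel
    print("rule uses default :", egress(dst))            # out the LAN port
```

With the gateway forced, a packet from the VPN client to 192.168.1.243 is handed back to the tunnel interface it arrived on; with the rule on default, the 192.168.1.0/24 connected route sends it out re1 to the LAN.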