4. Two OpenVPN Services, site2site and client

Two OpenVPN Services, site2site and client

  • E

    Hi,

    first my current situation:

    Box A:
    LAN Subnet 192.168.1.0/24
    Site2site OVPN Server 10.0.8.0/30
    User OVPN Server 10.8.8.0/24 listening on a different port

    Box B:
    LAN Subnet 192.168.0.0/24
    Site2site OVPN Client

    All my computers behind Box A can reach the computers behind Box B and the other way round, so the site2site OVPN does work.

    If i connect from somewhere to my user OVPN service I can reach everything in the Box A Subnet, but I cant reach the Subnet of Box B.

    What do I have to do so that the User OVPN Service let me reach the Subnet of Box B?

    Regards!

    0
  • M

    I registered today just to ask a very similar question to the above. Here is my setup with exact same problem. An user vpning to Site B cannot access any network resources on site A. Im piggybacking onto this thread in hopes that answers here will help both OP and me.

    0
  • M

    In order for your road warrior clients on Box A to reach the subnet behind Box B, you have to do two things:

    • Push 192.168.0.0/24 to your clients

    • Add a return route for the road warrior tunnel network (10.8.8.0/24) to the config on Box B

    Once done, your clients now know that 192.168.0.0/24 should be routed over the tunnel and Box B now knows that replies to traffic sourced from 10.8.8.0/24 will get routed over the tunnel as well.

    0
  • M

    MontanaIce, same answer with different subnets and different sites:

    • Push 10.5.0.0/16 to your clients

    • Add a return route for the road warrior tunnel network (172.16.4.0/24) to Site A

    Just to clarify, this can all done in the config on both ends.

    0
  • M

    Your reply is much appreciated. Unfortunately, I am still stuck somewhere.

    On my OpenVPN user server at site B where the road warriors are connecting to, I have custom option of push "route 10.5.0.0 255.255.0.0".  On the Site A 10.5.0.0 pfSense box, I have static route of destination network 172.16.4.0/24 and the gateway the pfSense's external IP set.

    Did I do it backwards or something?  :)

    0
  • M

    Figured it out. I was supposed to add push 172.16.4.0 255.255.0.0 to the Site-to-Site OpenVPN network settings on Site B not in the system's routing settings.

    Hitting Thanks button on your replies. :)

    0
  • M

    MontanaIce, Glad it's working!  Just wanted to point out that no manual advanced settings or static routes were required though…. if you put the relevant info into the GUI, the correct openvpn configuration statements are automatically generated.  e.g.:

    Push 10.5.0.0/16 to your clients

    This can be added to the server config in the GUI under "IPv4 Local Network/s"

    Add a return route for the road warrior tunnel network (172.16.4.0/24) to Site A

    This can be added to the client config in the GUI under "IPv4 Remote Network/s"

    This will keep everything "cleaner" and within the openvpn config.  It will also be helpful if you ever need to analyse your .conf files and/or GUI options.  Also, while it's working, I don't think you want a static route to the external IP…  I would add the relevant info to the GUI and let PFsense generate the correct directives.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy