OPNsense Forum

English Forums => General Discussion => Topic started by: lkudlacek on December 15, 2016, 11:21:32 pm

Title: [SOLVED] The problem with routing of OpenVPN
Post by: lkudlacek on December 15, 2016, 11:21:32 pm
Hello,

I need to create a route between two networks and I don't know how to...

WAN: xyz
LAN: 192.168.10.100

Open VPN server on OPNSense: 192.168.50.1

A client is connected to VPN with IP for example 192.168.50.2 - that works.
And I need the following:

- client in network 192.168.50.0 has to connect to network 192.168.10.0

It is simple but I don't know... Can I get any advice, please? :-)
Thanks
Title: Re: The problem with routing of OpenVPN
Post by: chemlud on December 16, 2016, 09:08:42 am
Do you have any firewall rules on the openvpn tab?
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 16, 2016, 11:05:47 am
Tab LAN:

Proto   Source   Port   Destination   Port     Gateway   Schedule   Description
*       *        *      LAN Address   80, 22   *                    Anti-Lockout Rule
IPv4    *        *      *             *        *                    Default allow LAN to any rule

Tab OPENVPN:

Proto    Source   Port   Destination   Port   Gateway   Schedule   Description
IPv4 *   *        *      *             *      *
Title: Re: The problem with routing of OpenVPN
Post by: bartjsmit on December 16, 2016, 12:54:22 pm
Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?

Do you have 'Redirect Gateway' enabled on the OpenVPN tunnel settings?

Are the network masks for each subnet set to /24 on all devices?

Bart...
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 17, 2016, 04:55:54 am
Quote
Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?
Where can I get this information, please?
EDIT: No...default gateway for hosts in network 192.168.10.0/24 is 192.168.10.31. OPNsense has LAN IP 192.168.10.100


Quote
Do you have 'Redirect Gateway' enabled on the OpenVPN tunnel settings?
No...I enabled "redirect gateway" now in VPN -> OpenVPN -> Servers -> 'My settings'

Quote
Are the network masks for each subnet set to /24 on all devices?
Yes...192.168.10.0/24 and 192.168.50.0/24, too.
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 17, 2016, 05:17:53 pm
I discovered that after connecting to the VPN, ping answers on the LAN interface:

I get IP 192.168.50.2 (openVPN IP) and ping answers to 192.168.10.1 (The IP on my LAN interface in OPNsense)
But I don't see more machines in network 192.168.10.0/24. I see only the LAN interface on my OPNsense.

Any firewall rule yet?
My routing table on my local machine when "Redirect Gateway" is enabled on OPNsense server.

Destination         Gateway           Genmask           Flags Metrik Ref  Use Iface
default         192.168.50.1      128.0.0.0       UG    0      0        0 tun0
default         192.168.2.1     0.0.0.0         UG    100    0        0 enp2s0
192.168.10.0      192.168.50.1      255.255.255.0   UG    0      0        0 tun0
192.168.50.0      *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       192.168.50.1      128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp2s0
192.168.2.0     *               255.255.255.0   U     100    0        0 enp2s0
xxx.xxx.xxx.xxx  192.168.2.1     255.255.255.255 UGH   0      0        0 enp2s0 (xxx.xxx.xxx.xxx = public IP OPNsense server)


192.168.2.0/24 = my local network at home
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 17, 2016, 06:10:35 pm
My routing table (on my local computer) when "Redirect Gateway" is not enabled on OPNsense server:

Destination         Gateway           Genmask           Flags Metrik Ref  Use Iface
default         192.168.2.1     0.0.0.0         UG    100    0        0 enp2s0
192.168.10.0      192.168.50.1      255.255.255.0   UG    0      0        0 tun0
192.168.50.0      *               255.255.255.0   U     0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 enp2s0
192.168.2.0     *               255.255.255.0   U     100    0        0 enp2s0
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 17, 2016, 06:19:35 pm
Quote
Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?
No...default gateway for hosts in network 192.168.10.0/24 is 192.168.10.31

OPNsense has LAN IP 192.168.10.100

Routing table on OPNsense server
# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            <my public gateway>     UGS        bge0
192.168.10.0         link#2             U          bge1
192.168.10.100               link#2             UHS         lo0
192.168.50.0         192.168.50.1         UGS      ovpns1
192.168.50.1         link#7             UHS         lo0
192.168.50.2         link#7             UH       ovpns1 (OVPN client = my local machine)
127.0.0.1          link#6             UH          lo0
<my public network>/30  link#1             U          bge0
<my public IP>     link#1             UHS         lo0


From this server, the virtual machines in network 192.168.10.0/24 answer the ping. From this server ping works.
From my local machine (after connecting to openvpn) it doesn't work. (the ping answers only to IP 192.168.10.100 = LAN interface on OPNsense server)

What are the gateways link#1, link#2 ... what is the IP, please?
Title: Re: The problem with routing of OpenVPN
Post by: lkudlacek on December 18, 2016, 01:15:52 pm
Wow....It is working now!!

The key question was:
"Is OPNsense the default gateway for hosts on the 192.168.10.0/24 network?"

The solution:
If OPNsense is not the default gateway for network 192.168.10.0/24, then it is necessary to create this gateway.
Default gateway for network 192.168.10.0/24 is 192.168.10.31 (in my example).

I created in OPNsense new gateway:

System > Gateways > All ---> Add Gateway
Interface: LAN
Address Family: IPv4
Name: Test
Gateway: 192.168.10.31
........
SAVE

In Interface LAN:
Interfaces > LAN > scroll down to IPv4 Upstream Gateway > choose "Test"
SAVE

Done...

Thanks very much for help "bartjsmit".
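
Added example, not part of any post in this thread: a longest-prefix-match model of the return path, showing why the default-gateway question decided the outcome. The LAN host's routing table is constructed from the addresses given in the thread, and the static return route in `lan_host_fixed` is a hypothetical alternative, not the change the poster made.

```python
import ipaddress

OPNSENSE_LAN = ipaddress.ip_address("192.168.10.100")  # from the thread
VPN_CLIENT = ipaddress.ip_address("192.168.50.2")      # from the thread

def route(prefix, gateway=None):
    """One routing entry; gateway=None means the prefix is on-link."""
    gw = ipaddress.ip_address(gateway) if gateway else None
    return (ipaddress.ip_network(prefix), gw)

def next_hop(table, dst):
    """Longest-prefix match: the address the packet is handed to, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None  # no matching route: the packet is dropped
    net, gw = max(matches, key=lambda entry: entry[0].prefixlen)
    return gw if gw is not None else dst  # on-link: deliver directly

def reply_returns_via(table, reply_dst, firewall=OPNSENSE_LAN):
    """True if a reply to reply_dst is handed to the firewall's LAN address."""
    return next_hop(table, reply_dst) == firewall

# Constructed table for a LAN host whose default gateway is 192.168.10.31.
lan_host = [route("192.168.10.0/24"), route("0.0.0.0/0", "192.168.10.31")]
# Same host with a return route for the tunnel network (hypothetical).
lan_host_fixed = lan_host + [route("192.168.50.0/24", "192.168.10.100")]

def demo():
    return {
        "as_posted": str(next_hop(lan_host, VPN_CLIENT)),
        "with_return_route": str(next_hop(lan_host_fixed, VPN_CLIENT)),
        "reply_to_firewall_lan_ip": str(next_hop(lan_host, OPNSENSE_LAN)),
    }

if __name__ == "__main__":
    for case, hop in demo().items():
        print(f"{case:26} -> next hop {hop}")
```

In the as-posted case the echo reply for 192.168.50.2 is handed to 192.168.10.31 instead of OPNsense, which matches the symptom that only 192.168.10.100 answered from the VPN client.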
Title: Re: [SOLVED] The problem with routing of OpenVPN
Post by: Jeromeb on April 24, 2021, 09:49:07 am
OMG! Thx, I had the same problem, you saved my life, dude!