OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of jmarner »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - jmarner

Pages: [1]
1
23.7 Legacy Series / Re: [SOLVED] OpenVPN "FreeBSD ifconfig failed: external program exited..."
« on: June 02, 2024, 08:09:24 am »
Thanks for posting this! I had the same issue, it seems to persist regardless of the new "instance" vs the legacy system.

In my case, I had to disable the route that existed (apparently it was conflicting). I had created an interface on top of the OpenVPN connection and that was doing weird stuff.

2
Virtual private networks / Re: OpenVPN Site-to-Site always using first tunnel address as routing gateway
« on: January 31, 2022, 11:44:38 pm »
This isn't quite what my setup is. I have two different networks in addition to the main one. I can make your setup work by forcing the one remote network to have the x.x.x.2 address, and letting the other mobile clients just take the higher ips. The problem is when I want to route a third subnet to a different vpn client ip.

Also yes I am using OpenVPN and not WireGuard, so it's possible that this is an OpenVPN-specific bug. But honestly it could be common across both, because your setup described seems like you're only routing to 10.8.0.2/32 which always works for me.

3
Virtual private networks / OpenVPN Site-to-Site always using first tunnel address as routing gateway
« on: January 22, 2022, 11:29:03 pm »
I have an OpenVPN server set up in one location, and 2 remote sites that I am trying to set up a site-to-site with.

Server Settings:
Tunnel Network: 10.x.x.0/24
Local Network: 192.168.x.0/24
Remote Network: 192.168.y.0/24,192.168.z.0/24

Client Specific Overrides:
Client Y:
Tunnel Network:
Local Network:
Remote Network: 192.168.y.0/24

Client Z:
Tunnel Network:
Local Network:
Remote Network: 192.168.z.0/24

OpenVPN Connection Status:
Laptop Virtual Address: 10.x.x.2
Client Y Virtual Address: 10.x.x.3
Client Z Virtual Address: 10.x.x.4

However, when I look at the routing table, I see the following:
Destination: 192.168.y.0/24 Gateway: 10.x.x.2 (wrong, should be .3)
Destination: 192.168.z.0/24 Gateway: 10.x.x.2 (wrong, should be .4)

This is despite the fact that neither one of them use 10.x.x.2 as their ip address. If I FORCE one of the remote sites to use 10.x.x.2 (using "ifconfig-push 10.x.x.2 255.255.255.0"), it works for that one. But of course I cannot force both of my Sites to use the same tunnel address. I have also tried overriding the tunnel address but that doesn't work either.

This seems like it has to be a bug. Either the route builder is pulling the ip address from the wrong place, or it should be routing those subnets to the OpenVPN server at 10.x.x.1 instead to hand off routing.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2