Virtual private networks / OPNsense openvpn client connection to Orbi router - please help!
« on: June 21, 2024, 04:28:12 pm »
Hi all,
I have been pulling my hair out all week trying to work this out. I used to have a ZeroTier VPN connection set up that was great. The problem is my Proxmox server behind the firewall sometimes drops out after a power cut, so I started to work out how I can get onto the home network without any devices being online. I have a Netgear Orbi with OpenVPN set up and it seems to work OK with Windows clients. So I have tried to set up a client connection from OPNsense.
The tunnel connects OK (using tun for now, but the tap connection gives the same problem).
The client gets a virtual IP in the range of 192.168.2.0/24 with a gateway of 192.168.2.1.
The home network is the range of 192.168.1.0/24 with the router on 192.168.1.1.
Remote network OPNsense 10.0.0.0/24 with OPNsense 10.0.0.1.
netstat -nr shows:
Code:
Internet:
Destination        Gateway            Flags     Netif Expire
default            176.253.120.1      UGS         re0
10.0.0.0/24        link#6             U           ue0
10.0.0.1           link#6             UHS         lo0
75.2.84.193        192.168.2.1        UGHS     ovpnc2
90.207.238.159     176.253.120.1      UGHS        re0
90.207.238.160     176.253.120.1      UGHS        re0
99.83.191.32       192.168.2.1        UGHS     ovpnc2
127.0.0.1          link#2             UH          lo0
176.253.120.0/22   link#1             U           re0
176.253.120.189    link#1             UHS         lo0
192.168.1.0/24     192.168.2.1        UGS      ovpnc2
192.168.2.0/24     link#8             U        ovpnc2
192.168.2.2        link#8             UHS         lo0
I have firewall rules on OpenVPN and the gateway set to allow all in both directions. I even tried setting up NAT rules, but I'm not sure that is necessary for just site to site.
I cannot ping anything, even the virtual gateway at the far side of the tunnel, 192.168.2.1. I have tried a packet capture: all packets go out but nothing is ever returned.
The OVPNInterface is showing sent packets but no received packets, and no dropped or blocked packets in the firewall stats either.
I have tried playing with the MTU, making it smaller, with no difference; the packets seem to get sent out but are never returned. Diagnosing at the server end is not possible as it's a consumer device. Any ideas of how to diagnose this further, as it doesn't look like a firewall or router issue?
OpenVPN config for brevity
Code:
client
dev ovpnc1
remote my.server
persist-tun
persist-key
dev-type tun
dev-node /dev/tun1
script-security 3
writepid /var/run/ovpn-instance-30501ede-c3df-4afa-86f7-971fb35b5ea9.pid
daemon openvpn_client1
management /var/etc/openvpn/instance-30501ede-c3df-4afa-86f7-971fb35b5ea9.sock unix
proto udp
verb 4
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
port 12973
tun-mtu 1000
route 192.168.1.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
<ca>
Thanks
Steve