16
22.7 Legacy Series / Re: OpenVPN server routes not fully learned?
« on: September 07, 2022, 06:40:37 am »
changed to WireGuard VPN -> Site2Site works -> me happy :-)
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: 1 [2]
17
22.7 Legacy Series / Re: OpenVPN server routes not fully learned?
« on: September 04, 2022, 01:54:56 pm »
Maybe a picture from server side learned routes does help? (see attachment) Imho it should show there the route for 192.168.770/24 to that particular client
18
22.7 Legacy Series / Re: OpenVPN server routes not fully learned?
« on: September 02, 2022, 01:00:59 pm »
Update:
seems not to be a firewall rules issue. As also cannot ping when pfctl -d
So think firewall issue should be off the table :-)
Found out that I can reach the local subnet on the ovenvpn server side from the local subnet behind the openvpn client. But I cannot reach the local sub behind client from the sub behind server (also the server itself cannot reach it not just clients behind the server). It smells somehow inconsistent but I'm running out of ideas what else to try. Both client and server are opnsenses and are connected via a openvpn site2site Setup
seems not to be a firewall rules issue. As also cannot ping when pfctl -d
So think firewall issue should be off the table :-)
Found out that I can reach the local subnet on the ovenvpn server side from the local subnet behind the openvpn client. But I cannot reach the local sub behind client from the sub behind server (also the server itself cannot reach it not just clients behind the server). It smells somehow inconsistent but I'm running out of ideas what else to try. Both client and server are opnsenses and are connected via a openvpn site2site Setup
19
22.7 Legacy Series / OpenVPN server routes not fully learned?
« on: September 01, 2022, 09:25:47 am »
Hello
running latest OPNsense 22.7_4-amd64 and having an issue with routing via a openvpn connection. I setup openvpn server on opnsense and added the remote network in question (192.168.77.0/24) to server settings in "IPv4 Remote Networks" and to the correct "Client specific overwrite". When the client connects to the server I can see that the route is learned to main routing table.
If I check the routing table on server in VPN > connection Status > Routing table I cannot see the route for that network.
From what I know from other openvpn on other opnsense boxes there should be the route to that network displayed. So it seems to me that openvpn does not learn the route internally.
any idea how I could solve this / why the route is not displayed in connection status page?
If more details are needed I'm happily provide it on request :-)
Thanks for any hint
Cheers
tobi
running latest OPNsense 22.7_4-amd64 and having an issue with routing via a openvpn connection. I setup openvpn server on opnsense and added the remote network in question (192.168.77.0/24) to server settings in "IPv4 Remote Networks" and to the correct "Client specific overwrite". When the client connects to the server I can see that the route is learned to main routing table.
Code: [Select]
root@OPNsense:~ # route -n get 192.168.77.130
route to: 192.168.77.130
destination: 192.168.77.0
mask: 255.255.255.0
gateway: 10.230.0.2
fib: 0
interface: ovpns2
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0
10.230.0.2 is the vpn ip of the correct client. I can ping it. But if I try to ping an ip in 192.168.77.0/24 there is no response. If I tcpdump on the client I cannot see one paket coming in on the openvpn connection.If I check the routing table on server in VPN > connection Status > Routing table I cannot see the route for that network.
From what I know from other openvpn on other opnsense boxes there should be the route to that network displayed. So it seems to me that openvpn does not learn the route internally.
any idea how I could solve this / why the route is not displayed in connection status page?
If more details are needed I'm happily provide it on request :-)
Thanks for any hint
Cheers
tobi
Pages: 1 [2]