Route between OpenVPN Delayed

Started by wiryono, December 26, 2019, 01:48:56 AM

December 26, 2019, 01:48:56 AM Last Edit: December 26, 2019, 01:51:33 AM by wiryono
Hi, I have two OpenVPN servers that need to communicate with each other.

The first OpenVPN is User VPN, the second one is Site VPN.

1. The User VPN is used by one or many employees on their computers to connect to the VPN network and reach the offsite devices. These are the tunnel settings:

IPv4 Tunnel Network:
10.242.50.0/24

IPv4 Local Network:
10.0.0.0/24 - Server behind OPNSense
10.254.1.0/24 - Offsite Router
172.16.0.0/12 - Offsite Server behind Offsite Router

2. The Site VPN is used by the offsite router; it passes the traffic requests to the devices (servers) behind the offsite router. These are the tunnel settings:

IPv4 Tunnel Network:
10.254.1.0/24

IPv4 Remote Network:
172.16.0.0/12 - Offsite Server behind Offsite Router
In Firewall > Rules > OpenVPN:
Allow User VPN to Site VPN any port, any gateway, anytime
Allow User VPN to Server IP behind Site VPN any port, any gateway, anytime

In Firewall > NAT > Outbound:
Allow User VPN to Site VPN, NAT address: Interface address, any port
Allow User VPN to Server IP behind Site VPN, NAT address: Interface address, any port
So when my computer connects to the User VPN, I can connect to the server IP behind the Site VPN (172.16.0.0/24), but the first connection always fails with no response from the server. I need to cancel (Ctrl + C) and then reconnect, and after that everything works. It looks like the VPN only adds the routing table entry when there is a connection request, which fails the first time.

Tested on the SSH and VNC ports. The HTML port seems OK.
Is this the case? Is it possible to fix the VPN route?

Apparently the problem is when setting the NAT address to "Interface address" in Firewall > NAT > Outbound. The firewall automatically sets the translation and sometimes sets it to the incorrect translation of the source address.

I had to put in the Site VPN server IP address, which is the one set in OPNsense, usually .1/32, and the problem is gone.
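As an added illustration (not part of the original post or of OPNsense), the check below models the outbound NAT rules from this thread with the tunnel networks given above and flags the two things the post turned out to hinge on: a translation of "Interface address" on the OpenVPN interface group, and a fixed translation address that is not the Site VPN server's .1 address. The rule dictionaries and the `check_rule` / `server_address` helpers are constructed for this example.

```python
"""Sanity-check outbound NAT rules for User-VPN-to-Site-VPN traffic (constructed model)."""
import ipaddress

# Tunnel definitions taken from the post: User VPN clients reach the
# offsite servers (172.16.0.0/12) through the Site VPN tunnel.
USER_VPN_TUNNEL = ipaddress.ip_network("10.242.50.0/24")
SITE_VPN_TUNNEL = ipaddress.ip_network("10.254.1.0/24")
SITE_VPN_REMOTE = ipaddress.ip_network("172.16.0.0/12")


def server_address(tunnel):
    """First host of a tunnel network, i.e. the .1 address the OpenVPN server gets."""
    return next(tunnel.hosts())


def check_rule(rule):
    """Return a list of problems found in one outbound NAT rule.

    rule = {"source": "10.242.50.0/24", "destination": "172.16.0.0/24",
            "translation": "Interface address" or a fixed IPv4 address}
    """
    issues = []
    src = ipaddress.ip_network(rule["source"])
    dst = ipaddress.ip_network(rule["destination"])
    if not src.subnet_of(USER_VPN_TUNNEL):
        issues.append(f"source {src} is not inside the User VPN tunnel {USER_VPN_TUNNEL}")
    if not (dst.subnet_of(SITE_VPN_TUNNEL) or dst.subnet_of(SITE_VPN_REMOTE)):
        issues.append(f"destination {dst} is not reached via the Site VPN")
    translation = rule["translation"]
    if translation == "Interface address":
        # The symptom in the post: the firewall chooses the translation source
        # itself and sometimes chooses the wrong one, so the first flow dies.
        issues.append("translation 'Interface address' is ambiguous on the OpenVPN group; use a fixed address")
    else:
        addr = ipaddress.ip_address(translation)
        if addr not in SITE_VPN_TUNNEL:
            issues.append(f"translation {addr} is not inside the Site VPN tunnel {SITE_VPN_TUNNEL}")
        elif addr != server_address(SITE_VPN_TUNNEL):
            issues.append(f"translation {addr} is not the Site VPN server address {server_address(SITE_VPN_TUNNEL)}")
    return issues


if __name__ == "__main__":
    # The rule as first configured in the post, then the one that fixed it.
    broken = {"source": "10.242.50.0/24", "destination": "172.16.0.0/24", "translation": "Interface address"}
    fixed = {"source": "10.242.50.0/24", "destination": "172.16.0.0/24", "translation": "10.254.1.1"}
    for name, rule in (("broken", broken), ("fixed", fixed)):
        print(name, check_rule(rule) or "ok")
```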