OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OpenVPN remote network behind ovpn client not reachable
« previous next »
  • Print
Pages: [1]

Author Topic: OpenVPN remote network behind ovpn client not reachable  (Read 875 times)

afan

  • Newbie
  • *
  • Posts: 26
  • Karma: 2
    • View Profile
OpenVPN remote network behind ovpn client not reachable
« on: January 23, 2023, 08:23:10 pm »
Hi there,

I've got following setup: https://prnt.sc/uCpJIatM6ZQc

I'm trying to get connection between the 10.0.10.25 and the 10.11.104.5 hosts. The latter is a host behind a firewall I do not control.
There's a static route set on Site2's OPNsense to allow traffic to the 10.11.104.0/24 network via the 3rd party IP address in the 10.11.10.0/24 LAN. Pinging from the 10.11.10.0/24 LAN to 10.11.104.5 works without problems.

However when I try to ping 10.11.104.5 either through the VPN tunnel, or even just on Site2's OPNsense using the (local, generated) OVPN_TS interface (setting 'Source Address'), I am unable to do so.

Working from LAN:

# /usr/sbin/traceroute -w 2 -n  -m '10' -s '10.11.10.1'   '10.11.104.5'
traceroute to 10.11.104.5 (10.11.104.5) from 10.11.10.1, 10 hops max, 40 byte packets
 1  10.11.10.2  0.118 ms  0.049 ms  0.034 ms
 2  10.11.104.5  0.192 ms  0.094 ms  0.083 ms
 
Failing from the local tunnel interface:

# /usr/sbin/traceroute -w 2 -n  -m '4' -s '10.9.1.2'   '10.11.104.5'
traceroute to 10.11.104.5 (10.11.104.5) from 10.9.1.2, 4 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 
The static route that was added is reflected in the routing table: Site2's OPNsense should know where to reach the 10.11.10.0/24 network:

Proto Destination       Gateway    Flags Use MTU Netif Netif (name)
ipv4   default         77.22.44.1   UGS   NaN   1500   vmx0   WANlink       
ipv4   10.0.10.0/24   10.9.1.1   UGS   NaN   1500   ovpnc1   OVPN_TS
ipv4   10.9.1.1      link#8      UH   NaN   1500   ovpnc1   OVPN_TS
ipv4   10.9.1.2      link#8      UHS   NaN   16384   lo0      Loopback
ipv4   10.11.104.0/24   10.11.10.2   UGS   NaN   1500   vmx1   LAN
(...)

I added 'allow all' rules on the OVPN_TS interface but I'm unable to get ping to work.

Any idea what I'm doing wrong?

« Last Edit: January 23, 2023, 08:34:56 pm by afan »
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 2016
  • Karma: 194
    • View Profile
Re: OpenVPN remote network behind ovpn client not reachable
« Reply #1 on: January 24, 2023, 03:50:59 am »
Add a static route on OPNsense Site 1 for 10.11.104.0/24 via 10.9.1.2

Your reply packets go out of the WAN interface of Site 1 and are being ignored by its ISP router (on account of being RFC1918).

Bart...
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • OpenVPN remote network behind ovpn client not reachable
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2