Topic: OpenVPN not routing to remote network (Read 980 times)
jogo (Newbie, Posts: 3, Karma: 0)
« on: July 06, 2023, 11:39:44 am »
Hello.
I am trying to build a Site-to-Multisite configuration. There is a working setup based on an old debian-wheezy based firewall which I try to replace with OPNsense hardware. Currently I have two DEC2685 (HQ and Site A) which I installed yesterday, and still 3 old Linux firewalls on the other sites.
I tried to rebuild the OpenVPN configuration on the OPNsense. The old firewalls are connecting but the routing to the site networks doesn't work.
What's working:
I have a stable VPN tunnel
I can reach the Site's Firewalls from HQ through the tunnel Network
I can reach the HQ local Network from the sites
What doesn't work:
I can't reach the site's local networks from HQ, which is the most important part.
I did a tcpdump on the site, but no packets seem to come through. So I think it's a problem with the HQ firewall.
Here's a sample network setup:
VPN Network: 192.168.9.0/24
HQ:
Local Network: 192.168.10.0/24
VPN: 192.168.9.1 (assigned from OpenVPN)
Site A:
Local Network: 192.168.11.0/24
VPN: 192.168.9.6 (assigned from OpenVPN)
Here's the HQ Server Configuration:
Here's the Client Configuration for Site A:
The other sites still use the old Firewall, I won't post the config here as it should match anyways.
HQ creates an automatic route for the remote LANs:
Though I have no idea what 192.168.9.2 is.
But they are not reachable from HQ. I can only reach HQ from the Sites and Ping the Firewalls through the VPN Network.
I am aware that cipher and TLS configuration suck, this is for backward compatibility reasons with wheezy. The configuration will be replaced in the future with another OpenVPN or WireGuard.
Also I'm aware of my Single Point Of Failure. It doesn't matter in my case because if HQ is down the VPN is useless anyways.
Logged
jogo (Newbie, Posts: 3, Karma: 0)
Re: OpenVPN not routing to remote network
« Reply #1 on: July 06, 2023, 03:10:35 pm »
I finally solved it!
First, I removed the remote networks from the server configuration.
Then I made a Client-Specific Override for the site:
I specified a fixed ip for the site (192.168.9.11) and the remote network 192.168.11.0/24
Now I needed to set a route and gateway for this site on the server side.
I assigned an Interface to the OpenVPN Interface and created a gateway using this interface:
Then I created a static route for this site:
It just worked magically. I somehow don't understand why, because the entry in the routing table doesn't look different than the one created automatically before.
Logged
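Why the kernel routing table can look the same before and after the fix, as an added example (not from the original posts, and not OPNsense or OpenVPN code): a simplified Python model of the two lookups a packet from HQ passes through in OpenVPN server mode, first the kernel route and then OpenVPN's internal client table, which only learns a site LAN from an `iroute` entry. It assumes the Client-Specific Override's remote network becomes such an `iroute`; the interface name `ovpns1`, the client name `site-a` and the host 192.168.11.20 are constructed for illustration.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def longest_match(table, dst):
    """Value of the most specific prefix in `table` containing dst, else None."""
    ip = ipaddress.ip_address(dst)
    hits = [(p.prefixlen, val) for p, val in table.items() if ip in p]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def trace(dst, kernel_routes, tunnel_ips, iroutes):
    """Follow one packet from the HQ LAN towards dst (simplified model).

    Stage 1: the kernel routing table picks the outgoing interface.
    Stage 2: on the tun interface, the OpenVPN server picks the client from
             its own table: client tunnel addresses plus iroute networks.
    """
    iface = longest_match(kernel_routes, dst)
    if iface != TUN:
        return f"kernel: leaves via {iface}, never enters the tunnel"
    internal = {net(ip + "/32"): name for ip, name in tunnel_ips.items()}
    internal.update({net(cidr): name for cidr, name in iroutes.items()})
    client = longest_match(internal, dst)
    if client is None:
        return "openvpn: no client owns this address, packet dropped"
    return f"openvpn: sent to client {client}"

TUN = "ovpns1"  # assumed name of the OpenVPN server interface
# Kernel table at HQ: the same in both scenarios (addresses from the thread).
KERNEL = {net("192.168.10.0/24"): "lan", net("192.168.9.0/24"): TUN,
          net("192.168.11.0/24"): TUN, net("0.0.0.0/0"): "wan"}
# Before: remote network only on the server, no client-specific override.
BEFORE = dict(tunnel_ips={"192.168.9.6": "site-a"}, iroutes={})
# After: override with fixed tunnel IP and remote network (assumed = iroute).
AFTER = dict(tunnel_ips={"192.168.9.11": "site-a"},
             iroutes={"192.168.11.0/24": "site-a"})

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for dst in (next(iter(cfg["tunnel_ips"])), "192.168.11.20"):
            print(label, dst, "->", trace(dst, KERNEL, **cfg))
```

In the "before" case the site firewall's tunnel address is reachable but the LAN host is dropped inside the OpenVPN process, which matches a tcpdump on the site side showing nothing.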