Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Access network behind an OpenVPN client? P2P setup: Need manual route?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Access network behind an OpenVPN client? P2P setup: Need manual route? (Read 10961 times)
CDuv
Newbie
Posts: 45
Karma: 2
Access network behind an OpenVPN client? P2P setup: Need manual route?
«
on:
November 24, 2016, 06:34:34 pm »
Hello,
I have configured a "Peer-to-Peer" OpenVPN connection between
Site A
where a OPNsense 16.7 is acting as the VPN server and
Site B
where a Debian machine acts as the VPN client.
My final goal is that the Debian machine acts as a gateway for any machine residing in Debian's LAN and wants to access a machine residing on the OPNsense's LAN (and vice-versa).
Here is a schema of the desired networks
⁞ ⁞
Site A Site B
10.1.0.0/16 ⁞ ⁞ 10.2.0.0/16
┌──────────┐ ⁞ ⁞ ┌────────┐
│ OPNsense •-----►( Internet )◄-----• Site B │
│ (OpenVPN │ ⁞ ⁞ │ router │
│ server) │ └─•──────┘
└────────•─┘ ⁞ ⁞ |10.2.0.1
10.1.0.1| |
(192.168.9.1)| ⁞ ⁞ | ┌───────────────┐
| ├--------------• Debian server │
┌────────────┐ | ⁞ ⁞ | 10.2.0.2│ (OpenVPN │
│ Station A1 •--┤ | (192.168.9.2)│ client) │
└────────────┘ | ⁞ ⁞ | └───────────────┘
| | ┌────────────┐
┌────────────┐ | ⁞ ⁞ ├--• Station B1 │
│ Station A2 •--┤ | └────────────┘
└────────────┘ | ⁞ ⁞ |
| | ┌────────────┐
| ⁞ ⁞ ├--• Station B2 │
| | └────────────┘
| ⁞ VPN network ⁞ |
├~~~~~~~~~~~~~~~~~~~~~~~~~~~~┤
⁞ 192.168.9.0/30 ⁞ |
⁞ ⁞
OpenVPN configuration (on OPNsense):
Server Mode: Peer to Peer
Protocol: UDP
Device Mode: tun
IPv4 Tunnel Network:
192.168.9.0/30
IPv4 Local Network:
10.1.0.0/16
(the LAN of Site A /
OPNsense
side)
IPv4 Remote Network:
10.2.0.0/16
(the LAN of Site B /
Debian server
side)
Client Settings>Dynamic IP: checked
Client Settings>Address Pool: checked
Client Settings>Topology: checked
Once client connects, both ends have the following IP addresses in the tunnel network:
*
OPNsense
:
192.168.9.1/30
*
Debian server
:
192.168.9.2/30
All Stations uses their respective router as their main gateway.
Clients
A1
and
A2
uses
10.1.0.1
(
OPNsense
)
Clients
B1
,
B2
and
Debian server
uses
10.2.0.1
(
Site B router
)
On Debian I have enabled IP forwarding:
Code:
[Select]
echo 1 > /proc/sys/net/ipv4/ip_forward
On
Site B router
(
10.2.0.1
), I have added a static route to
10.1.0.0/16
(Site A's LAN) via
10.2.0.2
(Debian server)
From both
OPNense
and
Debian server
I can ping each other using
192.168.9.x/30
(tunnel network)
From
Debian server
, I can ping and access (eg. HTTP) any IP address belonging to
10.1.0.0/16
.
From
OPNense
, I can't ping Debian server using it's
10.2.0.2
IP address (
problem number 1
) nor any other IP belonging to
10.2.0.0/16
(
problem number 2
).
From
Station B1
, a
traceroute
shows that traffic to
10.1.0.0/16
uses
10.2.0.1
(
Site B router
, but traffic does not reach it's destination (
problem number 3
).
For problem number 1:
I guess I have to add a route on
OPNsense
because I can't see any route for
10.2.0.0/16
on the OPNsense web GUI "System Routing Table" (/ui/diagnostics/interface/routes/).
To add such route, a gateway is required, so I must also create that gateway.
But on which interface should this gateway be?
I have "pending" new interface "ovpns1" in "Interfaces: Assignments" (/interfaces_assign.php) but don't know if I can/should assign it.
Thanks for your help.
Edit: Added a map and color.
«
Last Edit: November 26, 2016, 04:01:31 am by CDuv
»
Logged
ErAzOr
Newbie
Posts: 2
Karma: 0
Re: Access network behind an OpenVPN client? P2P setup: Need manual route?
«
Reply #1 on:
May 13, 2017, 01:25:36 pm »
hi,
I'm exactly in the same situation.
I'm able to ping from OpenVPN Clients to cloents behind OpenVPN Server. But I'm not able to ping OpenVPN Client from OpenVPN server.
Did you find a solution?
Logged
pingus
Newbie
Posts: 25
Karma: 2
Re: Access network behind an OpenVPN client? P2P setup: Need manual route?
«
Reply #2 on:
May 15, 2017, 02:16:41 pm »
Try to add a Client exception with the remote subnet readded as already done within the server settings.
Edit: If this is possible with version 16. I only "know" version 17
«
Last Edit: May 15, 2017, 02:19:54 pm by pingus
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Access network behind an OpenVPN client? P2P setup: Need manual route?