nccguys
asked on
PFSense OpenVPN push route problem
Can somebody please explain whats going wrong with my push route command. Setup is fairly simple. WAN = x.x.x.x LAN = 10.79.10.0/24 and I used 10.79.40.0/24 for the OpenVPN subnet. I then did a push route for the 10.79.10.0/24 subnet. The OpenVPN clients can connect and get an IP address in the .40 subnet but they cannot ping address in the local (.10) subnet.
Here is my server config
writepid /var/run/openvpn_server0.p
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher AES-256-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
client-to-client
server 10.79.40.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 10.79.10.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.c
cert /var/etc/openvpn_server0.c
key /var/etc/openvpn_server0.k
dh /var/etc/openvpn_server0.d
comp-lzo
Any thoughts?
Here is my server config
writepid /var/run/openvpn_server0.p
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher AES-256-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
client-to-client
server 10.79.40.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 10.79.10.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.c
cert /var/etc/openvpn_server0.c
key /var/etc/openvpn_server0.k
dh /var/etc/openvpn_server0.d
comp-lzo
Any thoughts?
ASKER
Shouldn't be a firewall issue. Since this is in a test environment, both the WAN and LAN interfaces are completely open. (any any any etc) Just to summarize:
WAN: X.X.X.X Currently its a private address in a test environment but I tested on a WAN address with same results. (ie, fear of NAT and routing issues with private addresses)
LAN: 10.79.10.0/24 Local network on LAN port.
OpenVPN subnet 10.79.40.0/24 The empty subnet used for OpenVPN clients connecting in.
What seems different with OpenVPN as compared to an IPSec or PPTP in PFSense is there is no interface associated with OpenVPN so I have no way of doing any firewall rules for the .40.0/24 OpenVPN subnet.
Here are several externally hosted screenshots that should really help out with troubleshooting:
http://host.atomiklan.com/1.png (Shows the OpenVPN server front page)
http://host.atomiklan.com/2.png (Shows the OpenVPN detailed configurations)
http://host.atomiklan.com/3.png (Shows the LAN firewall rules)
http://host.atomiklan.com/4.png (Shows the WAN firewall rules()
http://host.atomiklan.com/5.png (Shows an IP config command on the client computer that is connected to the OpenVPN server)
http://host.atomiklan.com/6.png (Shows the OpenVPN client log window upon successful connection)
http://host.atomiklan.com/7.png (Shows the routing table on the Client computer)
http://host.atomiklan.com/8.png (Shows the routing table on the OpenVPN server)
http://host.atomiklan.com/8.png (Shows IP address assigned to the Client upon successful connection)
WAN: X.X.X.X Currently its a private address in a test environment but I tested on a WAN address with same results. (ie, fear of NAT and routing issues with private addresses)
LAN: 10.79.10.0/24 Local network on LAN port.
OpenVPN subnet 10.79.40.0/24 The empty subnet used for OpenVPN clients connecting in.
What seems different with OpenVPN as compared to an IPSec or PPTP in PFSense is there is no interface associated with OpenVPN so I have no way of doing any firewall rules for the .40.0/24 OpenVPN subnet.
Here are several externally hosted screenshots that should really help out with troubleshooting:
http://host.atomiklan.com/1.png (Shows the OpenVPN server front page)
http://host.atomiklan.com/2.png (Shows the OpenVPN detailed configurations)
http://host.atomiklan.com/3.png (Shows the LAN firewall rules)
http://host.atomiklan.com/4.png (Shows the WAN firewall rules()
http://host.atomiklan.com/5.png (Shows an IP config command on the client computer that is connected to the OpenVPN server)
http://host.atomiklan.com/6.png (Shows the OpenVPN client log window upon successful connection)
http://host.atomiklan.com/7.png (Shows the routing table on the Client computer)
http://host.atomiklan.com/8.png (Shows the routing table on the OpenVPN server)
http://host.atomiklan.com/8.png (Shows IP address assigned to the Client upon successful connection)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cryptography mis-configured
Push route command is successful. Layer 3 communication now successful. Thank you everyone for helping.
Push route command is successful. Layer 3 communication now successful. Thank you everyone for helping.
To show the routing table on windows do:
route print
To show the routing table on linux do:
route -n