Hi, I tried this configuration but I have the same problem. I am very confused. This is my network:
lan1 192.168.9.0 <---> pfsense1 (client openvpn) <--> pfsense2 (server openvpn) <--> lan 2 192.168.8.0

These are now my configuration files, with certificates:

Pfsense server:

/var/etc/openvpn/server1.conf

dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local X.X.X.X
tls-server
ifconfig 10.0.8.1 10.0.8.2
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1195
management /var/etc/openvpn/server1.sock unix
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
comp-lzo
route 192.168.9.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"

/var/etc/openvpn-csc/fw-target

iroute 192.168.9.0 255.255.255.0

Pfsense client:

/var/etc/openvpn/client2.conf

dev ovpnc2
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local X.X.X.X
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote X.X.X.X 1195
ifconfig 10.0.8.2 10.0.8.1
route 192.168.8.0 255.255.255.0
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
comp-lzo

Thanks for your help.

2012/12/19 [email protected] <[email protected]>:
> Ok, then no firewall rules forcing gateway, so let's try something else.
>
> Did you configure iroute ?
> http://openvpn.net/index.php/open-source/documentation/howto.html#scope
> Read : Including multiple machines on the client side when using a
> routed VPN
>
> It might work :-p
>
>
> On Wed, 19 Dec 2012 15:19:25 +0100,
> Cristian Del Carlo <[email protected]> wrote:
>
>> Hi,
>>
>> Thanks for your help.
>>
>> Even in LAN I have:
>> My firewall rules are in both pfsense:
>> Action: Pass
>> Interface : LAN
>> Protocol: Any
>> Source: Any
>> Destination: Any
>>
>> If I ping the tunnel from a client it seems ok:
>>
>> ping 10.0.8.1 --> Ok
>> ping 10.8.8.2 --> OK
>> ping 192.168.8.X --> 100% packet loss
>>
>> Thanks.
>>
>> 2012/12/19 WolfSec-Support <[email protected]>:
>> > maybe there are any fw rules there in LAN interface with similar
>> > IP's/networks ?
>> > some used this under 1.2.x and after upgrading to 2.x this caused
>> > issues.
>> >
>> > onto routing:
>> >
>> > looks good
>> >
>> > here a similar setup of mine / 1 side:
>> >
>> > 192.168.253.13     link#13          UH     0  0           1500   ovpnc1
>> > 192.168.253.14     link#13          UHS    0  0           16384  lo0
>> > 192.168.0.0/16     192.168.253.13   UGS    0  4151616     1500   ovpnc1
>> > 192.168.242.0/24   link#1           U      0  1191195015  1500   vr0
>> >
>> > rgds
>> > stephan
>> >
>> >
>> >
>> >
>> > 2012/12/19 Cristian Del Carlo <[email protected]>
>> >>
>> >> Hi,
>> >>
>> >> thanks for your help.
>> >>
>> >> My firewall rules are in both pfsense:
>> >> Action: Pass
>> >> Interface : Openvpn
>> >> Protocol: Any
>> >> Source: Any
>> >> Destination: Any
>> >>
>> >> These are my routing from firewall ( without public ip ):
>> >>
>> >> pfsense 1 - client:
>> >> 10.0.8.1         link#10    UH    0  15        ovpnc2
>> >> 10.0.8.2         link#10    UHS   0  0         lo0
>> >> 192.168.8.0/24   10.0.8.1   UGS   0  45        ovpnc2
>> >> 192.168.9.0/24   link#2     U     0  37598040  em1
>> >>
>> >> pfsense 2 - server:
>> >> 10.0.8.1         link#9     UHS   0  0         lo0
>> >> 10.0.8.2         link#9     UH    0  72        ovpns1
>> >> 192.168.8.0/24   link#2     U     0  229122    em1
>> >> 192.168.8.1      link#2     UHS   0  0         lo0
>> >> 192.168.9.0/24   10.0.8.2   UGS   0  1         ovpns1
>> >>
>> >> Could be a routing problem?
>> >>
>> >>
>> >> 2012/12/19 WolfSec-Support <[email protected]>:
>> >> > Hi,
>> >> >
>> >> > do you have special rules in VPN tunnel ?
>> >> > make sure to open OpenVPN ruleset as necessary
>> >> >
>> >> > this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels
>> >> >
>> >> > but per default normally tunnel is open any<>any
>> >> >
>> >> > br
>> >> > stephan
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > List mailing list
>> >> > [email protected]
>> >> > http://lists.pfsense.org/mailman/listinfo/list
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> --------------------------------------------------------
>> >>
>> >> Cristian Del Carlo
>> >>
>> >> The text and any documents transmitted contain information
>> >> reserved for the indicated recipient. This e-mail is
>> >> confidential and its confidentiality is legally protected
>> >> by Legislative Decree 196 of 30/06/2003 (Privacy Protection
>> >> Code). Reading, copying or other unauthorized use, or
>> >> any other action deriving from knowledge of this
>> >> information, is strictly forbidden. If you have received
>> >> this document in error, you are kindly asked to notify
>> >> the sender immediately and to destroy it
>> >> immediately.
>> >>
>> >> --------------------------------------------------------
>> >
>> >
>> >
>> >
>> > --
>> >
>> > Stephan Wolf
>> >
>> > WolfSec
>> > Rairing 65
>> > CH-8108 Dällikon
>> >
>> > +41 43 536 1191
>> > +41 76 566 8222
>> > http://www.wolfsec.ch
>> >
>>
>>
>

--
--------------------------------------------------------

Cristian Del Carlo
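
Added example, not part of the original thread and not pfSense or OpenVPN project code: a Python check for the iroute suggestion quoted above. OpenVPN honours `iroute` only in a multi-client server instance (`server` or `mode server`) that reads per-client override files through `client-config-dir`. The sample inputs are constructed from the directives posted in this message; `MULTI_CLIENT_CONF` and its 10.0.8.0/24 tunnel network are assumptions.

```python
import shlex

# Constructed sample: routing-relevant directives from the server1.conf posted above.
POSTED_CONF = """\
dev ovpns1
tls-server
ifconfig 10.0.8.1 10.0.8.2
route 192.168.9.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"
"""
# Assumption (not from the thread): a multi-client variant of the same instance.
MULTI_CLIENT_CONF = """\
dev ovpns1
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
route 192.168.9.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"
"""
# Override file posted above; its name has to equal the client certificate's CN.
CSC_FILES = {"fw-target": "iroute 192.168.9.0 255.255.255.0\n"}

def directives(text):
    """Parse OpenVPN config text into (name, args) tuples, skipping comments."""
    parsed = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            parsed.append((words[0], tuple(words[1:])))
    return parsed

def nets(conf, name):
    """(network, netmask) pairs of a directive; a missing netmask means a host route."""
    return {(a + ("255.255.255.255",))[:2] for n, a in conf if n == name and a}

def check_iroute(server_conf, csc_files):
    """Return the reasons why iroute entries would not route the client LAN."""
    conf = directives(server_conf)
    names = {name for name, _ in conf}
    findings = []
    if not ({"server", "server-bridge"} & names or ("mode", ("server",)) in conf):
        findings.append("not in server mode: iroute has no effect")
    if "client-config-dir" not in names:
        findings.append("no client-config-dir: override files are not read")
    routes = nets(conf, "route")
    iroutes = set().union(*(nets(directives(t), "iroute") for t in csc_files.values()))
    findings += [f"route {n[0]} lacks an iroute" for n in sorted(routes - iroutes)]
    findings += [f"iroute {n[0]} lacks a server route" for n in sorted(iroutes - routes)]
    return findings
```
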
