
I have a strange scenario where I have 2 OpenVPN servers on my LAN (192.168.1.0/24) both over TUN. Server A (on 192.168.1.100) provides clients with addresses on the 172.16.0.0/24 subnet and Server B (192.168.1.1) provides clients with the 172.16.10/24 subnet.

Clients on the 2 OpenVPN Servers need to talk to each other. I've applied the following config to Server A:

push "route 172.16.1.0 255.255.255.0 192.168.1.1 1"

The resulting routing table entry for a client on Server A is:

172.16.1/24 192.168.1.1 UGSc 0 2 en0

On server B, I applied the config:

push "route 172.16.0.0 255.255.255.0 192.168.1.100 1"

On both servers, I made sure to allow access to both the LAN and the other OpenVPN server's network. However, attempting to ping 172.16.1.1 on a client connected to Server A results in "Network Unreachable." The same occurs with a client on Server B.

If it is of any additional use, Server B resides on pfSense. Server A is a virtualized OpenVPN Access Server.

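Added example, not code from the question, either answer, OpenVPN or pfSense: a small model of the client-side route lookup that shows how a pushed route can sit in the routing table and still fail with "Network is unreachable". The kernel only forwards through a gateway it can reach directly, i.e. one covered by an on-link route on the same interface. OpenVPN's `push "route net mask"` with no gateway argument fills in `vpn_gateway` (the server's tunnel endpoint, or `--route-gateway` if set), which is on-link for every client over TUN; a LAN address of some other host usually is not. The client's home LAN (10.0.0.0/24), the interface names, a `topology subnet` tunnel and the 172.16.0.1 `vpn_gateway` below are all assumed for illustration.

```python
"""Model of a client's route lookup: a route's gateway must itself be
directly reachable (on-link), or sending to that destination fails with
ENETUNREACH ("Network is unreachable").

Added, self-contained example; the routing tables are constructed and
every address in them is assumed, not taken from the question."""
import ipaddress


def bsd_to_cidr(dest):
    """Expand netstat -rn style destinations ('172.16.1/24', 'default') to CIDR."""
    if dest == "default":
        return "0.0.0.0/0"
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # '172.16.1' -> '172.16.1.0'
    return ".".join(octets) + "/" + (plen or "32")


def parse_routes(table):
    """Parse 'destination gateway flags interface' lines.
    A gateway of 'link#N' marks a directly connected (on-link) route."""
    routes = []
    for line in table.strip().splitlines():
        dest, gw, _flags, iface = line.split()
        routes.append({
            "net": ipaddress.ip_network(bsd_to_cidr(dest)),
            "gateway": None if gw.startswith("link#") else ipaddress.ip_address(gw),
            "iface": iface,
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns the winning route or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)


def resolve(routes, dst):
    """Return (status, interface, next_hop) for a packet to dst.

    'on-link'     dst is directly reachable on the interface
    'via'         dst goes through a gateway that is itself on-link
    'ENETUNREACH' no route, or the gateway is not on-link on that interface
                  (simplified model of what sendto reports as
                  'Network is unreachable')"""
    r = lookup(routes, dst)
    if r is None:
        return ("ENETUNREACH", None, None)
    if r["gateway"] is None:
        return ("on-link", r["iface"], None)
    g = lookup(routes, str(r["gateway"]))
    if g is None or g["gateway"] is not None or g["iface"] != r["iface"]:
        return ("ENETUNREACH", r["iface"], str(r["gateway"]))
    return ("via", r["iface"], str(r["gateway"]))


# Constructed table for a client of Server A: home LAN 10.0.0.0/24 on en0,
# tunnel 172.16.0.0/24 on utun0, plus the route as pushed in the question,
# which names Server B's LAN address 192.168.1.1 as the gateway.
CLIENT_A_AS_PUSHED = """
default      10.0.0.1     UGSc  en0
10.0.0/24    link#4       UCS   en0
172.16.0/24  link#12      UCS   utun0
172.16.1/24  192.168.1.1  UGSc  en0
"""

# Same client when the route is pushed without a gateway, so OpenVPN
# substitutes vpn_gateway (assumed to be 172.16.0.1, the server's tunnel
# address) and Server A's host does the forwarding to Server B.
CLIENT_A_VIA_VPN_GATEWAY = """
default      10.0.0.1     UGSc  en0
10.0.0/24    link#4       UCS   en0
172.16.0/24  link#12      UCS   utun0
172.16.1/24  172.16.0.1   UGSc  utun0
"""


def demo():
    """Resolve a few destinations against both constructed tables."""
    bad = parse_routes(CLIENT_A_AS_PUSHED)
    good = parse_routes(CLIENT_A_VIA_VPN_GATEWAY)
    return {
        "pushed_lan_gateway": resolve(bad, "172.16.1.1"),    # ENETUNREACH
        "pushed_vpn_gateway": resolve(good, "172.16.1.1"),   # via utun0
        "own_tunnel": resolve(good, "172.16.0.7"),           # on-link utun0
        "internet": resolve(good, "8.8.8.8"),                # via en0
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

The first table reproduces the symptom: 192.168.1.1 is only reachable through the client's default gateway, so the kernel has no on-link next hop for 172.16.1.0/24. Pushing the route without a gateway only settles the client side; the host running Server A still needs a route to 172.16.1.0/24 via 192.168.1.1 with IP forwarding enabled and firewall rules that allow the traffic, and Server B needs the mirror image for 172.16.0.0/24 via 192.168.1.100, which the question says has been done on pfSense.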

2 Answers


Do a traceroute from a client in your first network to a client in your other network. You will then see how far the IP packet gets. That's where you have to investigate. Also you need to make sure pfSense (or any other firewall rules) doesn't drop ICMP packets, ping and traceroute while testing.

Do the clients have default routes pointing to their respective next hops (Server A and Server B)?

  • Trying a traceroute from a client on Server A to a client of Server B immediately presents `traceroute: sendto: Network is unreachable`. The same is true vice versa. Static routes were added for both directions on pfSense and firewall rules seem all clear. – Felix Jen Nov 27 '17 at 07:05
  • See here: https://serverfault.com/a/885958/387342 for a generic way to solve these kinds of problems. – Tomáš Pospíšek Nov 30 '17 at 12:46
  1. Both servers must have the same tunnel network to connect. One side is the server while the other is the client. This tunnel address should not be used anywhere else in your network. If it is OK then
  2. On the OpenVPN server side, can you see the OpenVPN tunnel connected? In Status > OpenVPN, see if the connection is up. If it is up then
  3. Try to ping the other end of the tunnel, i.e. the other OpenVPN server end. If it works then
  4. Check the Firewall rules > OpenVPN tab and see if you have configured the rule to allow OpenVPN traffic on both ends.

Hope this helps. If it does not work then share your configuration snapshots.