Dears,

I am relatively new to OpenVPN. Reading through forums, I have tried many of the suggestions, but I am still not able to get it to work. I am trying to set up a site-to-site VPN with OpenVPN Access Server on Azure. Site A and Site B will have an OpenVPN client configured on pfSense. Windows machines on Site A and Site B are able to ping the OpenVPN Access Server internal IP (10.0.0.4), but Windows machines on the Site A LAN are not able to reach the Site B LAN desktop and vice versa. Please find below the configuration I have added.

VM on Azure (OpenVPN Access Server), OS: Ubuntu

Added routes on virtual network:

  • Address Prefix: 192.168.50.0/24, Next Hop: 10.0.0.4

OpenVPN Access Server installed with the settings below:

  • Internal IP: 10.0.0.4
  • VPN Client Subnet: 192.168.59.0/24
  • VPN Mode: Layer 3 (routing/NAT)
  • Should VPN clients have access to private subnets: Yes, using routing (Advanced)
  • Private subnets to which clients should be given access: 10.0.0.4/24

Server Config Directives:

    push "route 10.0.0.0 255.255.255.0"
    push "route 192.168.10.0 255.255.255.0"
    push "route 192.168.40.0 255.255.255.0"
    push "route 192.168.50.0 255.255.255.0"
    route 192.168.10.0 255.255.255.0
    route 192.168.40.0 255.255.255.0
    route 192.168.50.0 255.255.255.0
    client-to-client

User Permissions:

  • Site A user: Authentication: Local; Configure VPN Gateway: Yes; Allow client to act as a VPN gateway for these client-side subnets: 192.168.10.0/24
  • Site B user: Authentication: Local; Configure VPN Gateway: Yes; Allow client to act as a VPN gateway for these client-side subnets: 192.168.50.0/24

OpenVPN client on pfSense router (pfSense OpenVPN client config):

Site A

  • Internal IP: 192.168.10.0/24
  • Tunnel Network: 192.168.59.0/24
  • Remote Network: 192.168.50.0/24,10.0.0.0/24
  • Custom Options: route 192.168.10.0 255.255.255.0

Site B

  • Internal IP: 192.168.50.0/24
  • Tunnel Network: 192.168.59.0/24
  • Remote Network: 192.168.10.0/24,10.0.0.0/24
  • Custom Options: route 192.168.50.0 255.255.255.0

LAN interface rules on both firewalls: default allow LAN to any rules; gateway is the OpenVPN client interface.

Added outbound rules on both Site A and Site B (Site B LAN IP will be 192.168.50.0/24):

  • Interface: OPEN-VPN Interface Address, Source: 127.0.0.1/8, Port: , Destination: , Port: 500 (ISAKMP), NAT Address: OPEN-VPN Interface Address
  • Interface: OPEN-VPN Interface Address, Source: 127.0.0.1/8, Port: , Destination: , Port: *, NAT Address: OPEN-VPN Interface Address
  • Interface: OPEN-VPN Interface Address, Source: 192.168.10.0/24, Port: , Destination: , Port: 500 (ISAKMP), NAT Address: OPEN-VPN Interface Address
  • Interface: OPEN-VPN Interface Address, Source: 192.168.10.0/24, Port: , Destination: , Port: *, NAT Address: OPEN-VPN Interface Address

Piyush
  • Machine on Site B is able to access the desktop on Site A; we need to add the route in the client custom options in the pfSense OpenVPN client, example – Piyush Oct 03 '19 at 07:50

1 Answer

Machine on Site B is able to access the desktop on Site A; we need to add the route in the client custom options in the pfSense OpenVPN client, for example:

    route 192.168.10.0 255.255.255.0 10.0.0.4

Piyush
  • But I am trying to connect a SIP phone (3CX) from Site B to Avaya IP Office V2 on Site A; this doesn't seem to connect. I don't know if Avaya IP Office needs some additional configuration for it – Piyush Oct 03 '19 at 07:53
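
An added example, not part of the original question or answer: a small longest-prefix-match tracer showing how a route for the remote LAN in the client's custom options, as the answer suggests, changes the path between the two sites. The routing tables, the node names (siteA, ovpn, siteB, wan) and the host addresses are constructed assumptions built from the subnets in the question; in particular, the "before" table assumes Site B has no route for 192.168.10.0/24.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start`; return the list of nodes visited."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "local":            # destination subnet is attached here
            return path
        path.append(hop or "no-route")
        if hop not in tables:         # left the modelled network (e.g. wan)
            return path
        node = hop
    return path + ["loop"]

def both_ways(tables, a, a_host, b, b_host):
    """True only if a reaches b's host AND b has a return path to a's host."""
    return (trace(tables, a, b_host)[-1] == b and
            trace(tables, b, a_host)[-1] == a)

def build(site_b_custom_routes):
    """Constructed tables; Site B's extra routes are passed in."""
    return {
        "siteA": [("192.168.10.0/24", "local"), ("192.168.50.0/24", "ovpn"),
                  ("10.0.0.0/24", "ovpn"), ("0.0.0.0/0", "wan")],
        # Access Server: client-side subnets from the User Permissions page
        "ovpn":  [("10.0.0.0/24", "local"), ("192.168.10.0/24", "siteA"),
                  ("192.168.50.0/24", "siteB")],
        "siteB": [("192.168.50.0/24", "local"), ("10.0.0.0/24", "ovpn"),
                  ("0.0.0.0/0", "wan")] + site_b_custom_routes,
    }

BEFORE = build([])                                # assumed: route missing
AFTER = build([("192.168.10.0/24", "ovpn")])      # route from the answer

if __name__ == "__main__":
    for name, t in (("before", BEFORE), ("after", AFTER)):
        print(name, trace(t, "siteB", "192.168.10.20"),
              both_ways(t, "siteA", "192.168.10.20", "siteB", "192.168.50.20"))
```

In the "before" table both sites still reach 10.0.0.4, matching the symptom in the question, while Site B's traffic for 192.168.10.0/24 follows the default route to the WAN instead of entering the tunnel.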