0 votes
93 views
asked in Networking by

Hello

I'm looking forward to implementing this

Remote access to the office is working and that's not a problem; I'm stuck with the RUT955 configuration.

On the office side I have a pfSense OpenVPN server fully configured (tested and working with a small pfSense router as VPN client within the RUT955 LAN). Then, removing that router and configuring the RUT955 with all the same certificates and changing IPs for the remote network on the server leaves me with the RUT955 connecting to the VPN (and disconnecting at times, I don't know why) and getting a tunnel IP from the server. My problem is that I cannot ping any of the web servers from the office as I would like to do. I'm not sure if it's the firewall or the routes or both; the RUT955 is not even pinging the tunnel network IP on the server side. I wasn't able to disable the firewall completely, I just accepted a couple more rules, especially on the VPN zone.

I followed this to configure the pfSense box for testing and it worked:

https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-ssl-tls.html

Could you please help me?

Thanks

Regards

Pedro

2 Answers

0 votes
answered by
Hey,

What is your OpenVPN subnet (e.g. if you connect the RUT to the office, what IP address do you get assigned)? What are your servers' IP addresses and what is the source IP/subnet of the remote office?

Thanks,

Myky
commented by

Hi Myky

Thanks for the quick answer. A couple of updates:

I managed to solve the VPN disconnecting every minute. It was the compression on the VPN server side: it was set to LZO, I changed it to OpenVPN Defaults and it's working with no disconnections now.

This is the configuration on the server side (pfSense): the server gets 10.3.101.1 and the RUT955 gets 10.3.101.2

The LAN on the pfSense server side is 193.168.1.0/24

The LAN on the RUT955 side is 192.168.5.0/24

The VPN config on RUT955 is 

So, from the pfSense web UI I'm able to ping all the devices on the Teltonika LAN network, but from the pfSense LAN (I have a Windows machine there) I can neither ping nor access any of the web servers.

I presume it is something with the routes or the firewall. Is there any chance to disable the RUT955 firewall completely, just to test that everything is working, and then adjust it to the necessary rules?

These are my firewall rules

I'm not a network specialist, so I'm sorry if I made some big mistake :)

Thanks for all your help and time

P

0 votes
answered by
Hey Pedro,

I guess when you are running ping from the pfSense, packets are sourced from its OpenVPN IP address, hence your RUT knows how to route this traffic back (essentially same-subnet communication).

There are a couple of things here. Either the RUT does not know how to route traffic to the 192.168.1.0/24 subnet when you are sourcing packets from the LAN device attached to the pfSense, or there are some firewall rules (on either end) preventing traffic from flowing, or a combination of both.

EDIT: please use the route push option on your OpenVPN server to advertise 192.168.1.0/24 to the RUT

At this point, please share the routing tables of both devices. Then we will do some tcpdumps, firewall rule changes and/or static routes.

Thanks,

Myky
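
The return-path reasoning in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed RUT955 routing table shows why echo replies to the pfSense tunnel IP go back through the tunnel while replies to an office LAN host leave via the default route until 192.168.1.0/24 is pushed. The interface names, the WAN gateway and the office host address 192.168.1.50 are assumptions.

```python
import ipaddress

# Constructed routing table for the RUT955 before any route is pushed.
# Interface names and the WAN gateway are assumptions, not taken from the thread.
RUT_ROUTES_BEFORE = [
    ("0.0.0.0/0", "wwan0", "10.64.0.1"),   # default route via mobile WAN
    ("10.3.101.0/24", "tun0", None),        # OpenVPN tunnel network (connected)
    ("192.168.5.0/24", "br-lan", None),     # RUT955 LAN (connected)
]

# Same table after the server pushes the office LAN, as the answer suggests.
RUT_ROUTES_AFTER = RUT_ROUTES_BEFORE + [
    ("192.168.1.0/24", "tun0", "10.3.101.1"),
]


def lookup(routes, dst):
    """Return (prefix, interface, gateway) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def reply_uses_tunnel(routes, ping_source, tunnel_iface="tun0"):
    """True if the RUT955 would send the echo reply back over the VPN."""
    return lookup(routes, ping_source)[1] == tunnel_iface


if __name__ == "__main__":
    cases = [
        ("pfSense itself (tunnel IP)", "10.3.101.1"),
        ("office LAN host (assumed)", "192.168.1.50"),
    ]
    tables = (("before push", RUT_ROUTES_BEFORE), ("after push", RUT_ROUTES_AFTER))
    for label, src in cases:
        for name, table in tables:
            prefix, iface, _ = lookup(table, src)
            print(f"{label:28} {name:12} reply via {iface} ({prefix})")
```

Comparing this against the real output of the routing table on each device shows whether the missing piece is a route or a firewall rule: if the office LAN already resolves to the tunnel interface, the firewall zones are the next place to look.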