0 votes
302 views
asked in Networking by

Hi,

I have a problem accessing the LAN behind a RUT230.

This is the situation.

Pfsense as openvpn server - Rut230 as openvpn client (no public ip address available) - tun mode

The vpn tunnel goes up just fine.

I can access every single host behind the server, but I am not able to access LAN hosts (including the RUT230) behind the Teltonika router.

I can see the packet in the tunnel (tcpdump pfsense server) (10:59:52.732753 IP 10.0.10.1 > 192.168.2.1: ICMP echo request, id 64343, seq 505, length 64)

10.0.10.1 is the pfsense side of the tunnel

192.168.2.1 is the teltonika router (lan ip)

using tcpdump on teltonika side there is no icmp request

I added this firewall rule on the RUT230 (From any host in vpn To any host in lan accept forward - enabled)

So it should work, what am I missing?

Thanks

Rodolfo

1 Answer

0 votes
answered by

Hi,

Change router LAN IP subnet from 2.1 to another one. Are you using TLS authentication or Static key?

According to your description, the issue seems to be related to routes, but without the full configuration it is hard to say where you made a mistake.

You could check the attached configuration example; perhaps you will find what was missed.

https://community.teltonika.lt/?qa=blob&qa_blobid=3108171076362012181

commented by
thanks for the answer

Why should I change the LAN IP subnet? Just curious.

this is the routing part from pfsense server

192.168.2.0/24     10.0.10.2          UGS      ovpns3 (10.0.10.0/24 is the tunnel 1-> pfsense 2-> teltonika)

routing from teltonika

0.0.0.0         10.64.64.64     0.0.0.0         UG        0 0          0 3g-ppp
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0 tun_c_naq
10.64.64.64     0.0.0.0         255.255.255.255 UH        0 0          0 3g-ppp
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
192.168.100.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq
192.168.110.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq

I am using tls authentication with certificate
commented by

Why should I change the LAN IP subnet? Just curious.

By default, the router uses the 2.0 subnet for Hotspot.

I am using tls authentication with certificate

Please check this part in your server, this config is responsible for correct routes from server to client.
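An added example, not part of the thread: a longest-prefix match over the two routing tables posted above, checking that the echo request from the question leaves pfSense through the tunnel and that the RUT230 would send the reply back through it. The function names are illustrative, and the interface names are taken from the posted tables.

```python
import ipaddress

# Route lines copied from the thread (the parenthetical pfSense annotation is dropped).
PFSENSE_ROUTES = "192.168.2.0/24     10.0.10.2          UGS      ovpns3"
RUT230_ROUTES = """\
0.0.0.0         10.64.64.64     0.0.0.0         UG        0 0          0 3g-ppp
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0 tun_c_naq
10.64.64.64     0.0.0.0         255.255.255.255 UH        0 0          0 3g-ppp
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
192.168.100.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq
192.168.110.0   10.0.10.1       255.255.255.0   UG        0 0          0 tun_c_naq
"""

def parse_routes(text):
    """Return (network, gateway, interface) for Linux `route -n` or BSD `netstat -rn` rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            if len(f) >= 8:                    # Linux: dest gw genmask flags metric ref use iface
                net, iface = ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[7]
            elif len(f) >= 4 and "/" in f[0]:  # BSD: dest/prefix gw flags netif
                net, iface = ipaddress.ip_network(f[0]), f[3]
            else:
                continue
        except ValueError:                     # header rows and anything unparsable
            continue
        routes.append((net, f[1], iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; returns the winning (network, gateway, interface) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def tunnel_path(src, dst, server_if="ovpns3", client_if="tun_c_naq"):
    """Check that the request leaves the server, and the reply leaves the client, via the tunnel."""
    out = lookup(parse_routes(PFSENSE_ROUTES), dst)
    back = lookup(parse_routes(RUT230_ROUTES), src)
    local = lookup(parse_routes(RUT230_ROUTES), dst)
    return {
        "request_via_tunnel": out is not None and out[2] == server_if,
        "reply_via_tunnel": back is not None and back[2] == client_if,
        "dst_interface_on_client": local[2] if local else None,
    }

if __name__ == "__main__":
    print(tunnel_path("10.0.10.1", "192.168.2.1"))
```

For the ping in the question both checks come back true and 192.168.2.1 resolves to br-lan, so the kernel tables posted do not by themselves explain the missing ICMP request on the Teltonika side.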