By: NDBoost

OpenVPN S2S Routing Between My LAN and My DO Private LAN

August 15, 2014

Hey everyone, not sure where to post this. I posted this in /r/pfsense as well but figured I'd try here as well.

I'm trying to do a site-to-site VPN using OpenVPN and running into some routing issues.

On Premise LAN

LAN: 192.168.10.0/24
WLAN: 192.168.50.0/24
VPN Tunnel Network: 10.0.8.0/24
My PC: 192.168.10.102

Remote LAN

LAN: 10.128.0.0/16
VPN "Client": 10.128.111.99
Ubuntu Testbox: 10.128.110.115

I'm using Ubuntu 14.04 w/ openvpn_as deb 0.2.10 installed on it on a DigitalOcean droplet.

I've got the VPN connected site to site. I can ping both ways from My PC <-> VPN Client using the VPN client's LAN IP (and not the tunnel net IP) and my IP.

Where I get the hiccup is trying to contact any other machines on my remote LAN from my on-premise LAN: I can't talk to them or from them.

For example, from "Ubuntu Testbox" I can ping 10.128.111.99 fine. I can't ping 192.168.10.102. From my machine I can't ping 10.128.110.115.

Here is my config file that was dumped from pfSense, and here is a screenshot of my OpenVPN server configs.

I moved some things around, specifically I commented out pull as openvpn was throwing errors about it and tls-client when trying to connect.

That error was:
Options error: Parameter --pull can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
Use --help for more information.

1 Answer

After a bit more testing, I think this is related to packet filtering. I've read a few other posts with similar scenarios where DO drops mismatched IP packets for source/dest.
