OpenVPN Site to Site Issue

Hi,
I have just bought a GL-AR1300LTE and so far I am very impressed! It was easy to set up and connected to the internet.

I run an OpenVPN server at home and I am trying to set up a site to site OpenVPN. The traffic flows from the GL LAN (192.168.4.x) to my LAN (192.168.1.x), but I can’t get the traffic to flow the other way. I haven’t set up any static routes (I think I need some but I am not entirely sure what I would need).

I have attached a diagram of the setup including the IP addresses / masks in question.

From the OpenVPN server firewall logs I can see the traffic is being passed correctly, so I am fairly sure the config issue is on the GL-AP1300.

Any help welcome! Thanks

You should set up routing but I am not good at this.

But, if you are using firmware 3.105, you can use TAP proto in your OpenVPN setup. Then AP1300 will bridge its client to the server.

In your setup, the client will get 10.11.0.x IP directly instead of 192.168.4.100.


That’s an interesting idea. I’ll take a look! Thank you

Ok so I don’t think the tap option is going to work for what I want unfortunately :(

Could anyone give me any pointers for the routing? Or any idea which forum might be better suited to this?

Thanks!

I finally fixed this today and hopefully this resolves the issue for other threads about site to site with pf/OPNsense as the VPN server.

Turns out you need to create a Client Specific Override:

(from this page: https://medium.com/@gmanual/pfsense-mikrotik-openvpn-site-to-site-b001c105843c)

A client specific override is added to the pfSense OpenVPN configuration; this is matched based on the certificate name the client is using. It’s best practice to use unique names/certificates for each client during implementation which identify the site/client clearly.

Because the OpenVPN client should be connected, you can use the pfSense OpenVPN status page to copy and paste the exact certificate name of the connected OpenVPN client. Important settings are as follows:

  • Common Name is set to the client certificate name.
  • iroute for each remote network of that client is added in the Advanced field.

The OpenVPN server is restarted to force the OpenVPN client to reconnect and apply the changes; the network routes will now appear in the OpenVPN routing table in the status page.

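The fix from the last post, as an added example that is not part of the thread or of any project's code: a small Python check that every server-side `route` for a remote LAN has a matching `iroute` in a client override, which is the missing piece that leaves traffic flowing one way only. The config text, the /24 masks, the `/path/to/ccd` placeholder and the common name `gl-site` are constructed assumptions.

```python
import ipaddress

# Constructed sample config (not from the thread); masks and names are assumed.
SERVER_CONF = """\
dev tun
server 10.11.0.0 255.255.255.0
client-config-dir /path/to/ccd
route 192.168.4.0 255.255.255.0        # kernel route: send GL LAN into the tunnel
push "route 192.168.1.0 255.255.255.0"
"""
CCD_BEFORE = {"gl-site": ""}  # no override: server cannot map the LAN to a client
CCD_AFTER = {"gl-site": "iroute 192.168.4.0 255.255.255.0\n"}  # Advanced field

def networks(text, directive):
    """Return the IPv4 networks named by `<directive> <net> [mask]` lines."""
    nets = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == directive:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            nets.add(ipaddress.ip_network(f"{parts[1]}/{mask}"))
    return nets

def check_site_routes(server_conf, ccd):
    """List problems that stop server-side hosts reaching a client's LAN."""
    kernel = networks(server_conf, "route")
    internal = {}  # network -> common name of the client that owns it
    for cn, body in ccd.items():
        for net in networks(body, "iroute"):
            internal[net] = cn
    problems = [f"route {net} has no iroute in any client override"
                for net in sorted(kernel - set(internal))]
    problems += [f"iroute {net} ({cn}) has no matching server route"
                 for net, cn in sorted(internal.items()) if net not in kernel]
    if internal and "client-config-dir" not in server_conf:
        problems.append("iroute present but client-config-dir is not set")
    return problems

if __name__ == "__main__":
    for label, ccd in (("before", CCD_BEFORE), ("after", CCD_AFTER)):
        print(label, check_site_routes(SERVER_CONF, ccd) or "ok")
```

The dictionary keys stand in for override entries matched on the client certificate's Common Name, so a typo in that name has the same effect as the empty "before" case.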