I ran into difficulties configuring an OpenVPN server and client.
Here is my setup:
OpenVPN server on FreeBSD 12
server.conf
Code:
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
#########
#for internet on clients:
#also check pf rules
#push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 208.67.220.220"
#push "redirect-gateway def1 bypass-dhcp"
#########
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
cipher AES-256-CBC
auth SHA1
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
#explicit-exit-notify 1
The OpenVPN client is a Mikrotik router. It also has a local network, 192.168.1.0/24.
As a result, the tunnel is established successfully; the server has tunnel interface tun0 with address 10.8.0.1.
The client router gets address 10.8.0.2. The server can ping the router (10.8.0.1<-->10.8.0.2), and the router and clients in 192.168.1.0/24 can ping the server at address 10.8.0.1.
But the server can't reach clients in 192.168.1.0/24, e.g.
ping 192.168.1.1
is not working! I'm not 100% sure that it is a server problem (route or firewall configuration), but that is the easiest part that I can check. Maybe I'm missing some NAT rule in pf? Or are the routes on the server wrong?
Also, a route was added on the server:
route add -net 192.168.1.0/24 10.8.0.2
And pf.conf on server:
Code:
ext_if=vmx0
int_if=lo0
tcp_services = "{rdp, smtp, domain, www, auth, snmp, 5432, openvpn}"
udp_services = "{domain, ntp, snmp}"
vpn_if=tun0
vpn_net="10.8.0.0/24"
table <bruteforce> persist
set loginterface $ext_if
set block-policy return
set skip on $int_if
scrub in all
#OpenVPN rules
#nat for openvpn clients internet
#nat on ! $vpn_if from $vpn_net to any -> $ext_if
#nat on $vpn_if from localhost to "192.168.1.0/24" -> $vpn_if
pass quick on $vpn_if
antispoof quick for $ext_if inet
antispoof for $int_if
#filtering rules
block in all
block in quick inet6 all
block log quick from <bruteforce> to any
...
I will be grateful for any help.
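
An added example, not part of the original post: a POSIX sh check for the OpenVPN directives that route a LAN behind a tun-mode client (`route` and `client-config-dir` in server.conf, `iroute` in the client's ccd file), none of which appear in the server.conf above. The temporary paths and the client name `mikrotik` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and client name are assumptions.
# With "dev tun" in server mode, a kernel route to a LAN behind a client is not
# enough; OpenVPN also needs: route <net> <mask> and client-config-dir <dir> in
# server.conf, plus iroute <net> <mask> in <dir>/<client certificate common name>.

# has_directive FILE WORD...: true if a non-commented line starts with WORD...
has_directive() {
    file=$1; shift
    [ -f "$file" ] || return 1
    awk -v want="$*" '
        /^[ \t]*[#;]/ { next }                 # skip commented-out directives
        { n = split(want, w, " "); ok = 1
          for (i = 1; i <= n; i++) if ($i != w[i]) ok = 0
          if (ok) found = 1 }
        END { exit found ? 0 : 1 }' "$file"
}

# check_lan_route SERVER_CONF CCD_FILE NET MASK
# Prints each missing directive; exit status is the number missing (0 = complete).
check_lan_route() {
    conf=$1; ccd_file=$2; net=$3; mask=$4; missing=0
    has_directive "$conf" route "$net" "$mask" ||
        { echo "server.conf: no 'route $net $mask'"; missing=$((missing + 1)); }
    has_directive "$conf" client-config-dir ||
        { echo "server.conf: no 'client-config-dir'"; missing=$((missing + 1)); }
    has_directive "$ccd_file" iroute "$net" "$mask" ||
        { echo "$ccd_file: no 'iroute $net $mask'"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample: the routing-relevant lines of the server.conf in the post.
demo=$(mktemp -d)
printf '%s\n' 'dev tun' 'topology subnet' 'server 10.8.0.0 255.255.255.0' \
    'client-to-client' > "$demo/server.conf"
check_lan_route "$demo/server.conf" "$demo/ccd/mikrotik" 192.168.1.0 255.255.255.0 ||
    echo "=> $? directive(s) missing"

# Same config with the three directives added ("mikrotik" is a placeholder CN).
mkdir "$demo/ccd"
printf '%s\n' 'route 192.168.1.0 255.255.255.0' "client-config-dir $demo/ccd" \
    >> "$demo/server.conf"
echo 'iroute 192.168.1.0 255.255.255.0' > "$demo/ccd/mikrotik"
check_lan_route "$demo/server.conf" "$demo/ccd/mikrotik" 192.168.1.0 255.255.255.0 &&
    echo "=> LAN route declared to OpenVPN"
```

The ccd file name must match the common name in the client's certificate; commented-out directives (`#` or `;`) are treated as absent.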