OpenVPN site to site tunnel online pfsense openvpn client to Softether Server, L3 IP routing doesn't work
Posted: Thu Oct 25, 2018 4:53 am
Hi all
First and foremost I'm a medium-intermediate developer that has been doing a lot of networking lately, but I consider myself novice-intermediate in the latter.
So I've confirmed that I have an online tunnel from my pfSense firewall client connecting to a SoftEther server in AWS. Here is an OpenVPN log from the pfSense OpenVPN client.
OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Initializing OpenSSL support for engine 'rdrand'
TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
UDPv4 link local (bound): [AF_INET]192.168.1.221:0
UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
[xxx.xxx.xxx.xxx.softether.net] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
TUN/TAP device ovpnc2 exists previously, keep at program end
TUN/TAP device /dev/tap2 opened
/usr/local/sbin/ovpn-linkup ovpnc2 1500 1589 init
Initialization Sequence Completed
But the "red" network path is not working, while the green ones do. I suspect my L3 IP routing switch configuration might not be right:
Here is what I know:
- I can ping from my laptop to my pfSense firewall; I can also ssh to my SoftEther instance in AWS and ping the 10.208.37.167 server from there, no problem.
- I set a virtual interface to the appropriate virtual hub without conflicting subnets.
Any help you can provide will be greatly appreciated, my apologies for the rough documentation or ignorance I could portray.
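As an added example (not from the post above), here is a stand-alone OpenVPN client fragment that reproduces the state behind the log line "WARNING: No server certificate verification method has been enabled", placed beside a hardened form that makes the client check the peer's identity. The hostname, file names and certificate CN are placeholders, and whether the SoftEther server's certificate carries the TLS server EKU (needed for remote-cert-tls) is an assumption to verify against the actual certificate; in pfSense these directives would be driven by the client's GUI fields or its custom options box (also an assumption).

```text
# --- weak: what the warning in the log indicates --------------------------
# The client only checks that the peer's certificate chains to the CA.
# Any certificate issued by that CA (a stolen client cert included) would be
# accepted as "the server", so a spoofed server could terminate the tunnel.
client
dev tap
proto udp
remote vpn.example.invalid 1194        # placeholder hostname
ca ca.crt
cert client.crt
key client.key
# (no remote-cert-tls, verify-x509-name or tls-verify directive present)

# --- hardened: require a server certificate with the expected identity -----
client
dev tap
proto udp
remote vpn.example.invalid 1194        # placeholder hostname
ca ca.crt                              # CA that issued the SoftEther server cert
cert client.crt
key client.key
# Peer cert must carry the "TLS Web Server Authentication" extended key usage
# (only works if the server cert was issued with that EKU; assumption).
remote-cert-tls server
# Peer cert CN must match exactly; "name" selects CN matching instead of the
# full subject DN. Use the CN of the certificate the SoftEther server serves.
verify-x509-name "vpn.example.invalid" name
```

After the change, a successful connection no longer prints the MITM warning; a mismatched or non-server certificate is rejected during the TLS handshake instead of being accepted silently.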