OpenVPN site to site tunnel online pfsense openvpn client to Softether Server, L3 IP routing doesn't work

PhobMX
Posts: 1
Joined: Thu Oct 25, 2018 3:01 am


Post by PhobMX » Thu Oct 25, 2018 4:53 am

Hi all

First and foremost I'm a medium-intermediate developer that has been doing a lot of networking lately, but I consider myself novice-intermediate in the latter.

So I've confirmed that I have an online tunnel from my pfSense firewall client connecting to a SoftEther server in AWS. Here is an OpenVPN log from the pfSense OpenVPN client.

Code:

OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Initializing OpenSSL support for engine 'rdrand'
TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
UDPv4 link local (bound): [AF_INET]192.168.1.221:0
UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
[xxx.xxx.xxx.xxx.softether.net] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
TUN/TAP device ovpnc2 exists previously, keep at program end
TUN/TAP device /dev/tap2 opened
/usr/local/sbin/ovpn-linkup ovpnc2 1500 1589 init
Initialization Sequence Completed

The intention is to seamlessly access the AWS network within our office.
[Attachment: Capture2.PNG]
But the "red" network path is not working, while the green ones do. I suspect my L3 IP routing switch configuration might not be right:
[Attachment: Capture.PNG]
Here is what I know:

- I can ping from my laptop to my pfSense firewall. I can also SSH to my SoftEther instance in AWS and ping the 10.208.37.167 server from there, no problem.
- I set a virtual interface to the appropriate virtual hub without conflicting subnets.

Any help you can provide will be greatly appreciated. My apologies for the rough documentation or ignorance I could portray.
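The client log in the post above reports two items worth reviewing alongside the routing problem: the missing server certificate check and the script-security note, and it shows the tunnel came up on a tap (layer 2) device. The following is an added example, not part of the original post, that extracts those points from such a log; the rule names and the `audit` function are this example's own, and the sample lines are copied from the posted log.

```python
import re

# Constructed sample: lines taken from the log in the post (address masked as posted).
SAMPLE_LOG = """\
OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
TUN/TAP device /dev/tap2 opened
Initialization Sequence Completed
"""

# (pattern, finding id, what to check). Finding ids are this example's own, not OpenVPN's.
RULES = [
    (re.compile(r"No server certificate verification method"), "no-server-cert-check",
     "client accepts any certificate signed by the CA; set remote-cert-tls server "
     "or verify-x509-name on the client"),
    (re.compile(r"--script-security setting may allow"), "script-security",
     "confirm which user-defined scripts this client is allowed to run"),
]
DEVICE = re.compile(r"TUN/TAP device (?:/dev/)?(tun|tap)\d* opened")


def audit(log_text):
    """Return (findings, facts) for an OpenVPN client log."""
    findings = []
    facts = {"mode": None, "connected": False}
    for line in log_text.splitlines():
        for pattern, rule_id, advice in RULES:
            if pattern.search(line):
                findings.append((rule_id, advice))
        match = DEVICE.search(line)
        if match:
            # tap carries Ethernet frames (L2); tun carries IP packets (L3).
            facts["mode"] = "L2 bridged (tap)" if match.group(1) == "tap" else "L3 routed (tun)"
        if "Initialization Sequence Completed" in line:
            facts["connected"] = True
    return findings, facts


if __name__ == "__main__":
    found, info = audit(SAMPLE_LOG)
    print(info)
    for rule_id, advice in found:
        print(f"{rule_id}: {advice}")
```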

thisjun
Posts: 2200
Joined: Mon Feb 24, 2014 11:03 am

Re: OpenVPN site to site tunnel online pfsense openvpn client to Softether Server, L3 IP routing doesn't work

Post by thisjun » Thu Nov 01, 2018 9:15 am

There is only one virtual interface on the virtual L3 switch.
The virtual L3 switch can't route anywhere.

If you want to use NAT, please try SecureNAT instead of the virtual L3 switch.
