Thanks, all solutions works good for me.

Did you do the OpenVPN routes correctly this time?

You should never set any static routes for OpenVPN. Set local and remote networks in the server and client configs and let OpenVPN do it.

Else we're going to need screen shots of the configurations. Not a summary of what you think you did.

OpenVPN server and client and Diagnostics > Routes probably a good place to start. Plus the specific IP address pairs and how you're testing.

i added to Concurrent connections number 5 but still not working .
i want to mention that the openvpn working fine but from only single internet source if the client change the internet source or just ip changed cannot reconnect again

Managed to find the issue. Didn't open the advanced box and in there was an option to select gateway. After that and a reboot all appears fine

pfSense is not a mail server!

@jpscirocco said in Sitetosite routing problems:

but it is maybe possible that just 1 client from network a uses the internet from network b ?

If your router at site A is capable of doing this, it would work. Since it is not pfSense, this is the wrong place to ask that.

ok ! i'm going to do this

Suppose this was the wrong forum to ask in.

@derelict I forgot to add an user certificate

Because I authenticate users from radius I had to add an certificate for the user

Thank you

Glad that looks like a viable option for you.

FYI the proper channel for feature requests is to open a feature request at https://redmine.pfsense.org/

@johnpoz I needed to reboot the pfSense box today for another reason, and it seems that Unbound now no longer restarts if an OpenVPN connections is established. So I guess that was only a temporary issue. Thanks for your help!

@arthurg94 De rien ))

@trazom
Il n'y a pas de quoi

Glad you have it working now. ☺

-Rico

You have to add an additional phase 2 to the IPSec configs for the access server tunnel network.
Also in the access server settings you have to add the the remote LAN networks, which the clients should be able to access, to the "Local networks".

For instance:
site A:
LAN: 10.0.10.0/24
access server tunnel: 192.168.21.0/24

site B:
LAN: 10.0.20.0/24
access server tunnel: 192.168.22.0/24

site C:
LAN: 10.0.30.0/24
access server tunnel: 192.168.23.0/24

So at site A you have two add phase 2 to each IPSec with local: 192.168.21.0/24 and the appropriate remote network.
at site B local: 192.168.22.0/24
at site C local: 192.168.23.0/24
Also add phase 2 settings to the respective IPSec config on the remote site with permuted networks, of course.

Access server "Local Network/s":
A, B and C: 10.0.10.0/24,10.0.20.0/24,10.0.30.0/24

I don’t know how to use the results from Google... :(

Yes, 3 boxes, but no, not connecting them together with OpenVPN (using IPSEC VTI for that). It's just that each site has different users, and if there's a snow day the'd need to work from home. With 2 of the boxes (one netgate, one white box) OpenVPN has been problem free. Just one has issues. I'm thinking it might be a bad install, and that I need to re-do the installation.
This particular office had a netgate box fail when I upgraded to 2.4.4 (no anything on the serial terminal no matter what I did with the reset button) so I swapped in a spare 3-NIC PC, installed pfSense on that - and OpenVPN was working fine there, too. But I needed more NICs, so I bought another white box, installed pfSense - and everything is working except OpenVPN. I guess I know what I'm doing this weekend. Sigh...

I am having troubles with iOS as well. In my case, disabling compression on the server was the only fix. With LZ4 or LZO, I could connect and ping, but RDP would not work.