peer-to-peer and site-to-site
-
I have OpenVPN set up for both site-to-site and peer-to-peer.
Currently I have two locations set up site-to-site and plan to add another one. I also have peer-to-peer for remote users when they are away from any of the physical sites. The problem is I cannot seem to get the peer-to-peer users able to connect to all locations. The idea is that all mobile peer-to-peer users can access all devices in all locations. Has anyone done this and made it work?
-
@trever, could you test and publish logs (so we can help you better)?
-
@trever
Often the reason for such issues is overlapping networks on local and remote sites.
Therefore, when running a VPN server, you shouldn't use very common default networks like 192.168.0.0/24, 192.168.1.0/24, etc.
But this is a shot in the dark. If this is not the case in your setup, you will have to provide some more details.
-
@silence The interesting thing is that we are trying to connect from our phones. Three phones, and I can connect (ping) my phone from both locations, but the other two guys we cannot ping. My pfSense server is the main server, and peer-to-peer clients are assigned IPs in the 10.0.0.0/24 network and the site-to-site is assigning IPs in the 10.0.1.0/24 network. Right now we only have the two pfSense servers linked. The subnets for both locations for the LAN are different, so there is no conflict there.
-
@silence What logs are you referring to?
-
@silence From a machine at my location:
trever@fileserver:~$ traceroute -n 10.0.0.2 My iphone
traceroute to 10.0.0.2 (10.0.0.2), 30 hops max, 60 byte packets
1 10.10.176.1 0.263 ms 0.268 ms 0.245 ms
2 10.0.0.2 103.079 ms 119.438 ms 119.422 ms
trever@fileserver:~$ traceroute -n 10.0.0.3 Android Phone
traceroute to 10.0.0.3 (10.0.0.3), 30 hops max, 60 byte packets
1 10.10.176.1 0.332 ms 0.268 ms 0.253 ms
2 10.0.0.3 80.701 ms 80.672 ms 80.687 ms
trever@fileserver:~$ traceroute -n 10.0.0.4 Android Phone
traceroute to 10.0.0.4 (10.0.0.4), 30 hops max, 60 byte packets
1 10.10.176.1 0.318 ms 0.269 ms 0.282 ms
2 10.0.0.4 115.045 ms 115.052 ms 115.036 ms
From a machine at the remote location:
traceroute to 10.0.0.2 (10.0.0.2), 30 hops max, 60 byte packets My iphone
1 10.10.10.1 0.086 ms 0.102 ms 0.088 ms
2 10.0.1.1 39.070 ms 39.136 ms 39.149 ms
3 10.0.0.2 166.777 ms 175.678 ms 175.803 ms
root@debian:~# traceroute -n 10.0.0.3
traceroute to 10.0.0.3 (10.0.0.3), 30 hops max, 60 byte packets Android Phone
1 10.10.10.1 0.092 ms 0.071 ms 0.058 ms
2 10.0.1.1 40.182 ms 40.208 ms 40.196 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
root@debian:~# traceroute -n 10.0.0.4
traceroute to 10.0.0.4 (10.0.0.4), 30 hops max, 60 byte packets Android Phone
1 10.10.10.1 0.096 ms 0.074 ms 0.058 ms
2 10.0.1.1 38.518 ms 38.914 ms 39.066 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
-
@trever, You can publish your firewall rules, something is wrong
-
@trever
So you fail to access VPN clients? Consider that each client runs its own firewall. And firewalls of different operating systems can have different default settings, naturally.
Maybe you noticed that your issue concerns Android devices only.