Site-to-Site TLS - routes not populating at Client
-
I am trying to set up an OpenVPN site-to-site and having a hard time.
Site1:
172.16.0.0/24 - LAN
192.168.25.0/24 - Tunnel
Site2:
192.168.101.0/24 - LAN
I set up a root CA and intermediary (VPN) CA. Created certs for both sites...all seem good. Created client override parameters with necessary local, remote networks.
The VPN between the sites connects and on site1 (server) shows all the correct routes to site2. On site2 there are no routes showing for site1.
From the tunnel interface on site1 I can ping site2's tunnel interface. From site2's tunnel interface, I cannot ping site1's tunnel interface...
What else should I be looking at?
-
@mcouture said in Site-to-Site TLS - routes not populating at Client:
On site2 there are no routes showing for site1.
You can look into the log to ensure if the client specific override is applied.
But you can as well enter the server side's networks into the "Remote Networks" field on the client directly.
From the tunnel interface on site1 I can ping site2's tunnel interface. From site2's tunnel interface, I cannot ping site1's tunnel interface...
This is almost a firewall issue. Did you add rules to the OpenVPN tab on the server to allow access?
-
I do have IP4* any-any FW rules on the OpenVPN tab.
I do see the client overrides being read from the logs.
** I was able to get this to work by removing all details for local and remote networks from the site2 config. I then saw in the logs routes being set.
I do now see: ERROR: FreeBSD route add command failed: external program exited with error status: 1
but everything is working...hmmm
-
@mcouture said in Site-to-Site TLS - routes not populating at Client:
I do now see: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Maybe you stated overlapping networks. The log should show the network which the error is referring to.
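As an added example (not part of this thread, and not pfSense or OpenVPN code), the two checks the last two posts point at: whether any of the configured prefixes overlap, and which network a FreeBSD "route add" failure in the OpenVPN log refers to. The networks are the ones from the original post; the log lines are constructed, and the assumption that OpenVPN logs the `/sbin/route add -net ...` command immediately before the error line is an assumption of this example.

```python
import ipaddress
import re
from itertools import combinations

# Networks from the thread: site1 LAN, the tunnel network, site2 LAN.
SITE_NETWORKS = {
    "site1_lan": "172.16.0.0/24",
    "tunnel": "192.168.25.0/24",
    "site2_lan": "192.168.101.0/24",
}


def find_overlaps(named_networks):
    """Return sorted (name_a, name_b) pairs whose prefixes overlap.

    Any overlap between a LAN, the tunnel network, or a remote network
    pushed/iroute'd to the peer makes the resulting kernel route either
    ambiguous or rejected, which is one cause of 'route add' failures.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in named_networks.items()}
    overlaps = []
    for (a, na), (b, nb) in combinations(sorted(nets.items()), 2):
        if na.overlaps(nb):
            overlaps.append((a, b))
    return overlaps


# Assumed log format: OpenVPN prints the route command it is about to run,
# then the error reported by the external program on the next line.
ROUTE_CMD = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")
ROUTE_ERR = "FreeBSD route add command failed"


def failed_routes(log_lines):
    """Return the networks (CIDR strings) whose 'route add' failed.

    Walks the log, remembering the most recent route command, and
    attributes each failure line to that command.
    """
    failed = []
    last_cmd = None
    for line in log_lines:
        m = ROUTE_CMD.search(line)
        if m:
            net, mask, _gateway = m.groups()
            # ipaddress accepts "network/netmask" as well as "network/prefixlen"
            last_cmd = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            continue
        if ROUTE_ERR in line and last_cmd is not None:
            failed.append(str(last_cmd))
            last_cmd = None
    return failed


# Constructed sample log: one route succeeds silently, the next one fails.
SAMPLE_LOG = [
    "openvpn[12345]: /sbin/route add -net 192.168.101.0 255.255.255.0 192.168.25.2",
    "openvpn[12345]: /sbin/route add -net 172.16.0.0 255.255.255.0 192.168.25.1",
    "openvpn[12345]: ERROR: FreeBSD route add command failed: "
    "external program exited with error status: 1",
]

if __name__ == "__main__":
    print("overlapping prefixes:", find_overlaps(SITE_NETWORKS))
    print("failed route adds:", failed_routes(SAMPLE_LOG))
```

Running it against the thread's three networks reports no overlaps, so in this case the failed route would have to be explained by something already in site2's routing table rather than by the configured prefixes; adding a fourth, wider entry such as 172.16.0.0/16 to `SITE_NETWORKS` makes `find_overlaps` flag it against the site1 LAN.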