Netgate Discussion Forum

    site to site not working loc to loc

    • M
      mic.bummer

      Hello forum, the configuration of the site is not working for me :(

      Routes are created on the two sites. From the local networks the route goes to the ovpn address, and then there is no route to the local network. What should I update in my configuration?

      hm..😿

      Thanks for the reply 😧

      • V
        viragomann @mic.bummer

        @mic-bummer
        In the client specific override state a certain IP for the client in the "Tunnel network" box.
        Also enter the client site's networks into the "Remote Networks" field in the same way as you did in the server settings and empty the Advanced options box.

        • M
          mic.bummer @viragomann

          @viragomann

          Yes, I tried adding networks, routes are added on two sites, but there is no access to the local network😧

          From pf site B (client/10.0.1.2/10.10.21.1) I can ping pf site B (server/10.0.1.2/10.2.101.1) and network clients 10.2.101.0/24, but not from client network site (B) 10.10.21.0/24.

          From pf site A (server) I can't ping pf site B (client/10.0.1.2/10.10.21.1) and network clients 10.10.21.0/24.

          • M
            mic.bummer @mic.bummer

            tracert

            • V
              viragomann @mic.bummer

              @mic-bummer
              10.0.1.0/28 is not a usable client IP, this is the network address. Enter something like 10.0.1.11/28 instead.

              Also I suggested to remove the iroute commands and enter the networks into the "Remote Networks" field in the CSO as it's intended in the pfSense docs.

              • M
                mic.bummer @viragomann

                @viragomann where can I change the client's address? It automatically gets 10.0.1.2....

                changed the parameter, but no change

                • V
                  viragomann @mic.bummer

                  @mic-bummer
                  The "Remote Networks" box in the CSO is still empty. You have to enter all client site networks there, same as in the server settings.

                  Then ensure that the client gets the correct virtual IP.

                  • M
                    mic.bummer @viragomann

                    @viragomann Yep, the client takes 10.0.1.2, same as before..

                    in diag_routes correct routes are added

                    network clients also cannot access 😵

                    • V
                      viragomann @mic.bummer

                      @mic-bummer said in site to site not working loc to loc:

                      Yep, the client takes 10.0.1.2, same as before..

                      So this means that the CSO is not applied.
                      Ensure that the common name in the client's certificate is equal to the one you stated in the CSO.

                      If this is correct, set the server's log level to 4, reestablish the connection and look in the log afterwards for hints on this.

                      • M
                        mic.bummer @viragomann

                        @viragomann OpenVPN status is connected, I hope there is no problem with ovpn authorization and routes, all traffic on the firewall is allowed, this is a new installation of pfSense

                        but clients a/b of the network can't see the other client network b/a ..

                        • M
                          mic.bummer @viragomann

                          @viragomann Hi, your solution works!
                          thanks!

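The checks viragomann walks through in the replies above (a usable host address in the tunnel network, a CSO common name equal to the certificate's, and the client LAN entered in the CSO "Remote Networks" as in the server settings), as an added Python example that is not from the thread or from pfSense. The function name, the common names and the rule that the server takes the first host address are assumptions made for illustration.

```python
import ipaddress

def check_cso(tunnel_net, cert_cn, cso_cn, cso_tunnel_addr,
              cso_remote_nets, server_remote_nets):
    """Return the problems found in one client-specific override (CSO)."""
    problems = []
    net = ipaddress.ip_network(tunnel_net)

    # The server picks the override by certificate common name; if the
    # names differ the CSO is not applied and the client keeps a pool address.
    if cso_cn != cert_cn:
        problems.append(f"CSO common name {cso_cn!r} != certificate CN {cert_cn!r}")

    iface = ipaddress.ip_interface(cso_tunnel_addr)
    if iface.network != net:
        problems.append(f"{cso_tunnel_addr} does not lie in tunnel network {net}")
    elif iface.ip == net.network_address:
        problems.append(f"{iface.ip} is the network address of {net}")
    elif iface.ip == net.broadcast_address:
        problems.append(f"{iface.ip} is the broadcast address of {net}")
    elif iface.ip == net.network_address + 1:
        # Assumption: the server itself uses the first host address.
        problems.append(f"{iface.ip} is normally the server's own tunnel address")

    # Client-side LANs must be listed in the CSO and in the server settings.
    cso = {ipaddress.ip_network(n) for n in cso_remote_nets}
    srv = {ipaddress.ip_network(n) for n in server_remote_nets}
    if not cso:
        problems.append("CSO 'Remote Networks' is empty")
    for n in sorted(cso - srv, key=str):
        problems.append(f"{n} is in the CSO but missing from the server's Remote Networks")
    return problems

if __name__ == "__main__":
    # Constructed sample: addresses from the thread, common names invented.
    for line in check_cso("10.0.1.0/28", "site-b", "siteB", "10.0.1.0/28",
                          [], ["10.10.21.0/24"]):
        print("PROBLEM:", line)
```
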
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.