Netgate Discussion Forum
    Openvpn site to site and remote hostname

    ripus

      Ok

      I added the remote WINS server in both DHCP servers, but without any result. :(

      Still digging for a solution though.

      marvosa

        Did you verify that the remote clients received the new WINS setting?

        All the clients will need a release/renew, otherwise they won't receive the new config until their DHCP lease is up, which can be up to 8 days by default.

        ripus

          Thanks

          I will check that.

          I had to reboot both my firewalls because after some tests I couldn't even ping the server side. I found something in my OpenVPN log on the client side.

          Mar 17 12:17:13 openvpn[44812]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
          Mar 17 12:17:13 openvpn[44812]: ERROR: FreeBSD route add command failed: external program exited with error status: 1

          So I guess it's part of the problem.

          I will check for that and come back with results.

          ripus

            OK, update

            I found on another thread the reason for those errors. It happens when you try to push a route and the route is already there. So I changed my config file to the following and got no more errors. I still can't reach by hostname, but I will work on it after the users are gone.

            server2.conf

            dev ovpns2
            dev-type tun
            tun-ipv6
            dev-node /dev/tun2
            writepid /var/run/openvpn_server2.pid
            #user nobody
            #group nobody
            script-security 3
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            proto udp
            cipher AES-128-CBC
            up /usr/local/sbin/ovpn-linkup
            down /usr/local/sbin/ovpn-linkdown
            local ----
            tls-server
            server 10.0.8.0 255.255.255.0
            client-config-dir /var/etc/openvpn-csc
            ifconfig 10.0.8.1 10.0.8.2
            tls-verify /var/etc/openvpn/server2.tls-verify.php
            lport 1194
            management /var/etc/openvpn/server2.sock unix
            push "route 192.168.20.0 255.255.255.0"
            route 192.168.10.0 255.255.255.0
            ca /var/etc/openvpn/server2.ca
            cert /var/etc/openvpn/server2.cert
            key /var/etc/openvpn/server2.key
            dh /etc/dh-parameters.1024
            tls-auth /var/etc/openvpn/server2.tls-auth 0
            comp-lzo
            
            johnpoz (LAYER 8 Global Moderator)

              It's a site to site you said, not road warrior..

              So pushing stuff to clients is not going to do much good for the clients connected to the other pfSense.

              So you have WINS on each side? Is this one AD or different AD setups? I see one site called Fercon.Dorval.Local, does the other site use the same domain?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              ripus

                @johnpoz:

                It's a site to site you said, not road warrior..

                So pushing stuff to clients is not going to do much good for the clients connected to the other pfSense.

                OK, I will change that. I put this because I looked at the sticky post "Site-To-Site OpenVPN using PKI (something of a howto)", so I thought it was the way to do it.

                So you have WINS on each side?

                Yes

                Is this one AD or different AD setups? I see one site called Fercon.Dorval.Local, does the other site use the same domain?

                Different AD setups with different domains (Cadroporte.Blainville.Local).

                Thanks for the reply ;)

                johnpoz (LAYER 8 Global Moderator)

                  So is this a site to site? Still not clear?

                  Or are clients from one side actually connecting to the other pfsense as a vpn client?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  ripus

                    It's a site to site.

                    Users on both sides have shared folders with each other. I know….. that's the "heritage" from the guy before me. I'm working on bringing everything onto a file server, but for now I've got to live with this.

                    johnpoz (LAYER 8 Global Moderator)

                      Well then just point your AD DNS to the other AD DNS for that domain via a conditional forwarder. Have each AD DNS look to your WINS as well.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11
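                      The conditional-forwarder plus WINS-lookup setup johnpoz describes, as an added example run on the Fercon.Dorval.Local DNS server (this is not code from the thread; the DC, WINS addresses and the `dc01` test host are placeholders, and the DnsServer module from the DNS Server role or RSAT is assumed):

```powershell
# Added example, not from the thread. Run elevated on the Fercon.Dorval.Local
# DNS server; repeat on the other site's DC with the two zones swapped.
# All addresses below are placeholders: replace with the real DC / WINS IPs.
$LocalZone       = 'Fercon.Dorval.Local'
$RemoteZone      = 'Cadroporte.Blainville.Local'
$RemoteDnsServer = @('192.168.20.10')   # placeholder: remote site's AD DNS, reached over the VPN
$LocalWins       = @('192.168.10.11')   # placeholder: this site's WINS server

Import-Module DnsServer

# 1. Conditional forwarder: queries for the remote AD domain go straight to the
#    remote DC instead of the root hints or the general forwarders.
if (-not (Get-DnsServerZone -Name $RemoteZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteZone `
        -MasterServers $RemoteDnsServer `
        -ReplicationScope 'Forest'   # stored in AD, so every DC in this forest gets it
} else {
    Set-DnsServerConditionalForwarderZone -Name $RemoteZone -MasterServers $RemoteDnsServer
}

# 2. WINS lookup on the local forward zone ("have each AD DNS look to your WINS"):
#    a single-label name missing from DNS is asked of WINS before NXDOMAIN is returned.
Add-DnsServerResourceRecord -ZoneName $LocalZone -Wins `
    -WinsServers $LocalWins -LookupTimeout 00:00:02 -CacheTimeout 00:10:00 -Replicate

# 3. Verify. Check DNS reachability over the tunnel first: a forwarder the
#    firewall rules on the OpenVPN interface block just looks like timeouts.
Test-NetConnection -ComputerName $RemoteDnsServer[0] -Port 53 |
    Select-Object ComputerName, TcpTestSucceeded
# 'dc01' is a placeholder host name in the remote domain.
Resolve-DnsName -Name "dc01.$RemoteZone" -Server 'localhost' -Type A -ErrorAction Continue
```

                      The OpenVPN interface firewall rules on both pfSense boxes must allow DNS (53) and the WINS/NetBIOS ports between the sites, or the forwarder and WINS lookups silently time out.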

                      ripus

                        Well, I didn't find out how to make it work, so I used the hard way: creating a list of all PCs, creating a batch to update lmhosts and running it over each network. It's far from neat and clean, but it works.

                        Thanks to everyone!
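                        The lmhosts workaround described above, as an added example (not the poster's own batch file): a PowerShell script that validates a constructed name/IP inventory, writes it as preloaded LMHOSTS entries and reloads the NetBIOS name cache. The inventory values are placeholders.

```powershell
# Added example, not from the thread. Run elevated on each PC.
# Inventory is constructed: NetBIOS name (1-15 chars, no dots) and IPv4 address.
$Inventory = @(
    [pscustomobject]@{ Name = 'FILESRV01';     IP = '192.168.10.20' },
    [pscustomobject]@{ Name = 'PC-DORVAL-07';  IP = '192.168.10.57' },
    [pscustomobject]@{ Name = 'BLAINVILLE-FS'; IP = '192.168.20.20' }
)

$LmhostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\lmhosts'

# Validate every entry first: a typo here breaks name resolution on every PC
# the file is pushed to, so fail loudly instead of writing a bad file.
$Lines = foreach ($e in $Inventory) {
    $name = $e.Name.ToUpperInvariant()
    if ($name -notmatch '^[A-Z0-9\-]{1,15}$') { throw "Invalid NetBIOS name: $($e.Name)" }
    $ip = [ipaddress]$null
    if (-not [ipaddress]::TryParse($e.IP, [ref]$ip) -or $ip.AddressFamily -ne 'InterNetwork') {
        throw "Invalid IPv4 address for ${name}: $($e.IP)"
    }
    # LMHOSTS format is "<ip> <name>"; #PRE preloads the entry into the name cache.
    '{0,-15} {1,-15} #PRE' -f $ip.IPAddressToString, $name
}

# Keep a dated backup so a bad push can be rolled back.
if (Test-Path $LmhostsPath) {
    Copy-Item $LmhostsPath "$LmhostsPath.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
}
# The NetBIOS stack reads the file as plain ASCII; avoid a BOM or UTF-16.
Set-Content -Path $LmhostsPath -Value $Lines -Encoding Ascii

# Purge the remote name cache and reload it from LMHOSTS, then show the preloaded entries.
nbtstat -R | Out-Null
nbtstat -c
```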

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.