VPN Site-to-site 4 sites OPENVPN
-
Hello, I want to make a VPN connection site-to-site (shared key) between 4 sites with OPENVPN, and I want the 4 sites to see each other.
At the moment, the site-to-site tunnel between the server and the other sites works correctly, but sites B, C and D cannot see each other.
My question is, on the server side, should I add 3 VPN servers? Or create just 1 and configure it in some predefined way? And on the client side, how do I see / configure the other sites?
All have a range:
10.1.0.0/16 - SITE A - Server
10.2.0.0/16 - SITE B
10.3.0.0/16 - SITE C
10.4.0.0/16 - SITE D
I have configured this on the server, in the tunnel to the B site, but I do not know if I'm doing it right (since it does not work) to replicate it in the other tunnels:
In Custom options
push "route 10.3.0.0 255.255.0.0"; push "route 10.4.0.0 255.255.0.0"
Thank you
-
OK, I've seen that I did not do it right; to pass the routes you have to configure Peer to Peer (SSL / TLS).
I have configured it on the server and the client, and I can establish the VPN connection between the 2, but the networks do not communicate with each other, and I do not know why.
-
Any idea?
-
If I ping from the pfSense at (10.2.0.0/16 - SITE B) to a server computer (10.1.0.0/16 - SITE A - Server), it answers.
If I ping from the pfSense at (10.1.0.0/16 - SITE A - Server) to a computer at (10.2.0.0/16 - SITE B), it does not answer.
-
VPN server configuration:
https://imgur.com/a/WePHU
Firewall / Rules / WAN (Server):
https://imgur.com/a/ExQEO
Firewall / Rules / OpenVPN (Server):
https://imgur.com/a/ixs51
VPN client configuration:
https://imgur.com/a/lYw9B
Firewall / Rules / WAN (Client):
https://imgur.com/a/EOcY0
Firewall / Rules / OpenVPN (Client):
https://imgur.com/a/8kpyS
I have nothing else configured in any pfSense, only the certificates for the VPN connection, but these work because the VPN comes up.
-
Please, any help?
Server log OpenVPN:
https://imgur.com/a/gVWmE
Client log OpenVPN:
https://imgur.com/a/Xz8dg
-
Any help?
-
Solved.
The common name of the client's certificate was not the same.
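
Added example, not part of the thread and not the poster's configuration: OpenVPN looks up per-client settings such as `iroute` by the client certificate's common name, so an override whose name differs from the CN is silently not applied. The sketch builds the routing directives for the four LANs listed above and flags near-miss names; the common names `site-b`, `site-c`, `site-d` and all function names are hypothetical, and it assumes the mismatch was between the certificate CN and the override name, which the thread does not state.

```python
import ipaddress

# Site LANs from the thread; the common names are hypothetical placeholders.
SERVER_LAN = "10.1.0.0/16"
CLIENT_LANS = {
    "site-b": "10.2.0.0/16",
    "site-c": "10.3.0.0/16",
    "site-d": "10.4.0.0/16",
}

def _net_mask(cidr):
    """Turn CIDR notation into the 'network netmask' form OpenVPN expects."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"

def server_directives(client_lans):
    """Server-wide routes so the server's kernel sends remote-LAN traffic into the tunnel."""
    return [f"route {_net_mask(lan)}" for lan in client_lans.values()]

def override_for(cn, server_lan, client_lans):
    """Per-client directives; OpenVPN applies them only when the certificate CN equals cn."""
    lines = [f"iroute {_net_mask(client_lans[cn])}"]  # LAN that sits behind this client
    lines.append(f'push "route {_net_mask(server_lan)}"')
    # Push every other site's LAN, never the client's own.
    lines += [f'push "route {_net_mask(lan)}"'
              for name, lan in client_lans.items() if name != cn]
    return lines

def match_override(cert_cn, client_lans):
    """Exact-match lookup, mirroring how the override is selected by CN."""
    return cert_cn if cert_cn in client_lans else None

def near_misses(cert_cn, client_lans):
    """Override names that differ from the CN only by case or surrounding whitespace."""
    norm = cert_cn.strip().lower()
    return [n for n in client_lans
            if n != cert_cn and n.strip().lower() == norm]

if __name__ == "__main__":
    print("\n".join(server_directives(CLIENT_LANS)))
    print("\n".join(override_for("site-b", SERVER_LAN, CLIENT_LANS)))
    # Constructed case: the certificate was issued as "Site-B".
    print(match_override("Site-B", CLIENT_LANS), near_misses("Site-B", CLIENT_LANS))
```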