Openvpn Site-to-Site Routing
-
Hello,
I just set up a new network and added site-to-site SSL/TLS.
My old network was working fine with site-to-site shared key, but now I need to go with SSL/TLS.
The problem is I am not sure how to route with peer-to-peer SSL/TLS.
https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-ssl-tls.html
This guide does not show, when you set up a client site, how to set up the "Tunnel Settings" section. In the shared key setup I had to enter the same "IPv4 Tunnel Network" as the server (in my case 10.0.8.0/24) and, in "IPv4 Remote Networks", all the networks I want to access from this client.
In fact, what I was able to understand from this guide is that all routing has to be set up on the server:
Any network that needs to be reached by the client must be entered in: IPv4 Local Network
and
any network that needs to be reached by the server must be entered in: IPv4 Remote Network
If I am right, then I am missing something, because I can't reach from the client any network I entered in IPv4 Local Network, even though the tunnel is up and running.
EDIT: Just to make sure my rule on the server site is correct: because I have other remote OpenVPNs, I had to add a rule for this tunnel, 10.0.102.0/24.
My client has an ANY to ANY rule for now.
EDIT: Client site log
```
Jan 16 07:18:08 openvpn 30385 MANAGEMENT: Client disconnected
Jan 16 07:18:29 openvpn 45888 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 16 07:18:29 openvpn 45888 MANAGEMENT: CMD 'state 1'
Jan 16 07:18:29 openvpn 45888 MANAGEMENT: CMD 'status 2'
Jan 16 07:18:29 openvpn 45888 MANAGEMENT: Client disconnected
Jan 16 07:18:29 openvpn 30385 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jan 16 07:18:29 openvpn 30385 MANAGEMENT: CMD 'state 1'
Jan 16 07:18:29 openvpn 30385 MANAGEMENT: CMD 'status 2'
Jan 16 07:18:29 openvpn 30385 MANAGEMENT: Client disconnected
Jan 16 07:31:20 openvpn 45888 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 16 07:31:20 openvpn 45888 MANAGEMENT: CMD 'state 1'
Jan 16 07:31:20 openvpn 45888 MANAGEMENT: CMD 'status 2'
Jan 16 07:31:20 openvpn 45888 MANAGEMENT: Client disconnected
Jan 16 07:31:20 openvpn 30385 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jan 16 07:31:20 openvpn 30385 MANAGEMENT: CMD 'state 1'
Jan 16 07:31:20 openvpn 30385 MANAGEMENT: CMD 'status 2'
Jan 16 07:31:20 openvpn 30385 MANAGEMENT: Client disconnected
Jan 16 07:31:27 openvpn 30385 event_wait : Interrupted system call (code=4)
Jan 16 07:31:27 openvpn 30385 Closing TUN/TAP interface
Jan 16 07:31:27 openvpn 30385 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1573 10.0.102.2 255.255.255.0 init
Jan 16 07:31:27 openvpn 30385 SIGTERM[hard,] received, process exiting
Jan 16 07:31:28 openvpn 99903 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Jan 16 07:31:28 openvpn 99903 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Jan 16 07:31:28 openvpn 148 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jan 16 07:31:28 openvpn 148 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 16 07:31:28 openvpn 148 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 16 07:31:28 openvpn 148 Initializing OpenSSL support for engine 'cryptodev'
Jan 16 07:31:28 openvpn 148 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 16 07:31:28 openvpn 148 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 16 07:31:28 openvpn 148 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 16 07:31:28 openvpn 148 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 16 07:31:28 openvpn 148 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:1194
Jan 16 07:31:28 openvpn 148 Socket Buffers: R=[42080->1048576] S=[57344->1048576]
Jan 16 07:31:28 openvpn 148 UDPv4 link local (bound): [AF_INET]xx.xx.xx.xx:0
Jan 16 07:31:28 openvpn 148 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1194
Jan 16 07:31:28 openvpn 148 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=f7f86e85 1771530f
Jan 16 07:31:28 openvpn 148 VERIFY OK: depth=1, CN=P2P_OpenVPN_CA, C=US, ST=MA, L=OPT, O=OOO, OU=Remote Management
Jan 16 07:31:28 openvpn 148 VERIFY OK: depth=0, CN=p2p, C=US, ST=MA, L=OPT, O=OOO, OU=Remote Management
Jan 16 07:31:28 openvpn 148 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 16 07:31:28 openvpn 148 [p2p] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Jan 16 07:31:29 openvpn 148 SENT CONTROL [p2p]: 'PUSH_REQUEST' (status=1)
Jan 16 07:31:30 openvpn 148 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.128,compress lz4-v2,route-gateway 10.0.102.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.102.2 255.255.255.0,peer-id 1'
Jan 16 07:31:30 openvpn 148 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: timers and/or timeouts modified
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: compression parms modified
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: --ifconfig/up options modified
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: route-related options modified
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: peer-id set
Jan 16 07:31:30 openvpn 148 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 16 07:31:30 openvpn 148 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 16 07:31:30 openvpn 148 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 16 07:31:30 openvpn 148 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 16 07:31:30 openvpn 148 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 16 07:31:30 openvpn 148 TUN/TAP device /dev/tun1 opened
Jan 16 07:31:30 openvpn 148 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 16 07:31:30 openvpn 148 /sbin/ifconfig ovpnc1 10.0.102.2 10.0.102.1 mtu 1500 netmask 255.255.255.0 up
Jan 16 07:31:30 openvpn 148 FreeBSD ifconfig failed: external program exited with error status: 1
```
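An added triage script (editor's example, not part of the post) that reads pfSense OpenVPN client log lines in the layout quoted above, splits the PUSH_REPLY into its options, counts pushed options the client rejected, and flags the two lines worth acting on: the missing server certificate verification and the failed ifconfig. The sample log is constructed from a few of the post's own lines; the xx.xx.xx.xx address is the post's redaction.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the same layout as the post's client log.
SAMPLE_LOG = """\
Jan 16 07:31:28 openvpn 148 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 16 07:31:28 openvpn 148 VERIFY OK: depth=0, CN=p2p, C=US, ST=MA, L=OPT, O=OOO, OU=Remote Management
Jan 16 07:31:28 openvpn 148 [p2p] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Jan 16 07:31:30 openvpn 148 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.128,compress lz4-v2,route-gateway 10.0.102.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.102.2 255.255.255.0,peer-id 1'
Jan 16 07:31:30 openvpn 148 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 16 07:31:30 openvpn 148 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 16 07:31:30 openvpn 148 /sbin/ifconfig ovpnc1 10.0.102.2 10.0.102.1 mtu 1500 netmask 255.255.255.0 up
Jan 16 07:31:30 openvpn 148 FreeBSD ifconfig failed: external program exited with error status: 1
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) openvpn (?P<pid>\d+) (?P<msg>.*)$")
PUSH_RE = re.compile(r"PUSH: Received control message: '(?P<body>[^']*)'")
REJECT_RE = re.compile(r"Options error: option '(?P<opt>[^']+)' cannot be used in this context")


@dataclass
class Triage:
    pushed: Dict[str, List[str]] = field(default_factory=dict)  # option -> argument strings
    rejected: Dict[str, int] = field(default_factory=dict)      # option -> rejection count
    cert_verification_missing: bool = False
    ifconfig_failed: bool = False
    peer_cn: Optional[str] = None


def parse_push_reply(body: str) -> Dict[str, List[str]]:
    """Split 'PUSH_REPLY,route a b,ping 10,...' into {option: [args, ...]}."""
    pushed: Dict[str, List[str]] = {}
    for item in body.split(",")[1:]:  # drop the leading PUSH_REPLY token
        name, _, args = item.strip().partition(" ")
        pushed.setdefault(name, []).append(args)
    return pushed


def triage(log_text: str) -> Triage:
    """Walk the log once and collect what a reviewer needs from it."""
    t = Triage()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m["msg"]
        p = PUSH_RE.search(msg)
        r = REJECT_RE.search(msg)
        if p:
            t.pushed = parse_push_reply(p["body"])
        elif r:
            t.rejected[r["opt"]] = t.rejected.get(r["opt"], 0) + 1
        elif "No server certificate verification method has been enabled" in msg:
            t.cert_verification_missing = True
        elif msg.startswith("FreeBSD ifconfig failed"):
            t.ifconfig_failed = True
        elif msg.startswith("VERIFY OK: depth=0"):
            cn = re.search(r"CN=([^,]+)", msg)
            t.peer_cn = cn.group(1) if cn else None
    return t


def findings(t: Triage) -> List[str]:
    """Findings in the order a defender would act on them."""
    out = []
    if t.cert_verification_missing:
        out.append("client does not verify the server certificate (no remote-cert-tls / "
                   "verify-x509-name); the peer could be impersonated")
    for opt, n in t.rejected.items():
        out.append(f"{n} pushed '{opt}' option(s) rejected by the client, so those "
                   f"server-pushed routes were not installed")
    if t.ifconfig_failed:
        out.append("tunnel interface configuration failed; TLS completed but the tunnel is unusable")
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("peer CN:", result.peer_cn, "pushed:", result.pushed)
    for line in findings(result):
        print("-", line)
```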
-
Anyone?
I don't understand; I can't find any tutorial except the one from Netgate.
Does no one use peer-to-peer with SSL/TLS? Only shared key peer-to-peer?
-
Have you set the iroutes?
https://www.netgate.com/docs/pfsense/vpn/openvpn/configuring-a-site-to-site-pki-ssl-openvpn-instance.html
https://www.netgate.com/docs/pfsense/vpn/openvpn/troubleshooting-openvpn-internal-routing-iroute.html
-Rico
-
@rico I did set the iroutes, but what I am trying to understand is how to fill out the section: Tunnel Settings.
The iroutes are binding the certificates to the client CN and LAN interface.
I can't understand the part where, let's say, I have 3 locations:
Server (where I have a static IP)
I want to have clients access:
LAN : 192.168.2.0/25
SERVER_VLAN : 10.12.12.0/25
DEVICE_VLAN : 10.82.80.0/25
SITE A:
LAN : 192.168.3.0/25
SERVER_VLAN : 10.11.12.0/25
DEVICE_VLAN : 10.81.80.0/25
SITE B:
LAN : 192.168.5.0/25
SERVER_VLAN : 10.15.12.0/25
DEVICE_VLAN : 10.85.80.0/25
I also want the server to have access to their LAN, SERVER_VLAN, DEVICE_VLAN.
I also want each site to have access to each other's LAN, SERVER_VLAN, DEVICE_VLAN.
With the shared key it is easy:
I create 2 server VPNs on the server site.
On the client A site I add:
Tunnel Settings
IPv4 Remote Networks: Server's CIDRs + Client B CIDRs
Client B site:
Server's CIDRs + Client A CIDRs
Server site:
Client A CIDRs + Client B CIDRs
Here with SSL/TLS I have
Server:
IPv4 Local network(s) and IPv4 Remote network(s), which confuses me!
In Client Specific Overrides, should I bind only the client LAN to the certificate, or every CIDR on the client that I want to go through the tunnel?
and
How do I configure the server to interconnect both sites?
So many questions :)
My server is also Multi-WAN and an HA cluster.
I already created a group for load balancing and 2 for failover,
and also changed the virtual IP from "Interface Address" to each WAN's corresponding VIP address.
For the OpenVPN I bound it to localhost and port forwarded the VPN port I used from each WAN VIP to localhost.
If I am not using the server for clients to have internet access, I won't need to add a NAT rule for that subnet?
Thank you
-
Yes, there are some differences between Shared Key and PKI, but not really this much.
Personally I'd always recommend creating one OpenVPN instance per site, even if it's PKI.
For the iroute you pick the proper OpenVPN instance in the Client Specific Overrides server list, set the Common Name 1:1 to the client cert, and you only fill the 'IPv4 Remote Network/s' box with your network(s) for this client.
@xlameee said in Openvpn Site-to-Site Routing:
How do I configure the server to interconnect both sites?
pfSense will do it with the routing table, but you need to configure your OpenVPN instance + iroutes correctly and then get the firewall rules in place.
I recommend you check out https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html, which will give a better overview and nice tips and tricks.
-Rico
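The server-side routing statements that the settings discussed in this thread boil down to, as an added example (editor's code, not from the thread or from pfSense): for the three-site layout in the post it generates the server instance's kernel routes and pushes, and one Client Specific Override per site with its iroute lines and pushed routes to the other site. The networks are the post's own; the client certificate CNs and the ccd directory name are assumed.

```python
from ipaddress import IPv4Network
from typing import Dict, List

TUNNEL = IPv4Network("10.0.102.0/24")  # tunnel network seen in the post's log

# Networks behind each peer, taken from the post.
SITES: Dict[str, List[str]] = {
    "server": ["192.168.2.0/25", "10.12.12.0/25", "10.82.80.0/25"],
    "siteA": ["192.168.3.0/25", "10.11.12.0/25", "10.81.80.0/25"],
    "siteB": ["192.168.5.0/25", "10.15.12.0/25", "10.85.80.0/25"],
}
CLIENT_CN = {"siteA": "siteA", "siteB": "siteB"}  # assumed CN of each client cert


def net_mask(cidr: str) -> str:
    """'192.168.3.0/25' -> '192.168.3.0 255.255.255.128' (OpenVPN route syntax)."""
    n = IPv4Network(cidr)
    return f"{n.network_address} {n.netmask}"


def server_config() -> List[str]:
    """Server instance: a kernel 'route' for every client-side network (what the
    server's 'IPv4 Remote Network(s)' box produces) and a pushed route for each
    of the server's own networks (what 'IPv4 Local Network(s)' produces)."""
    lines = [
        f"server {TUNNEL.network_address} {TUNNEL.netmask}",
        "topology subnet",
        "client-config-dir ccd",  # assumed directory name for the overrides
    ]
    for site, nets in SITES.items():
        if site != "server":
            lines += [f"route {net_mask(n)}" for n in nets]
    lines += [f'push "route {net_mask(n)}"' for n in SITES["server"]]
    return lines


def ccd_for(site: str) -> List[str]:
    """Client Specific Override for one site's CN: iroute maps that site's
    networks to this client, and routes to the other client sites are pushed
    so the sites reach each other through the server (subject to the firewall
    rules on the OpenVPN interface)."""
    lines = [f"iroute {net_mask(n)}" for n in SITES[site]]
    for other, nets in SITES.items():
        if other not in ("server", site):
            lines += [f'push "route {net_mask(n)}"' for n in nets]
    return lines


def missing_server_routes(server_lines: List[str], ccds: Dict[str, List[str]]) -> List[str]:
    """Every iroute needs a matching server 'route', otherwise the kernel never
    hands packets for that network to OpenVPN; return the iroutes lacking one."""
    routes = {l[len("route "):] for l in server_lines if l.startswith("route ")}
    missing = []
    for cn, lines in ccds.items():
        for l in lines:
            if l.startswith("iroute ") and l[len("iroute "):] not in routes:
                missing.append(f"{cn}: {l}")
    return missing


if __name__ == "__main__":
    srv = server_config()
    ccds = {CLIENT_CN[s]: ccd_for(s) for s in CLIENT_CN}
    print("\n".join(srv))
    for cn, lines in ccds.items():
        print(f"\n# ccd/{cn}")
        print("\n".join(lines))
    print("\nmissing server routes:", missing_server_routes(srv, ccds) or "none")
```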
-
@rico Hello,
I just finished configuring SSL/TLS OpenVPN, all working fine, but I couldn't understand: in the server there is a section "Local Networks"; what exactly is this for? Because without it I don't see any issues.
Also my CPU supports AES-NI - Hardware crypto AES-CBC, AES-XTS, AES-GCM, AES-ICM.
My pfSense box also has a Chelsio T580-SO-CR, which I believe supports crypto offload, but I am not sure how to use that function. OpenVPN seems to support only "cryptodev"; I have to set it to AES-NI and BSD Crypto Device in order to get any crypto offload on the OpenVPN. Even so, I get much better performance on bare metal than in a VM, but I am sure with my setup that's not it!
Also the million dollar question is HOW TO: OpenVPN Site-to-Site with DNS.
In the past I tried to set up BIND with no luck; it seems I need to study more, and I have to go with the built-in Unbound for now.
My sites are subdomains like:
site1.myco.local
site2.myco.local
site3.myco.local
Is there a way I can resolve them without adding the hosts to each site manually?
Thank you
EDIT:
Can this section of Client Specific Overrides be the key to being resolved by other clients?