4 pfsense servers+vpn routing+vpn gui client
-
@rostyslav-didus OK that looks good. It's not every day I see someone using a /23.
What are your firewall rules for the OpenVPN interfaces?
-
@kom
We've got many clients )
-
This post is deleted! -
@rostyslav-didus
Maybe the destination devices are blocking access from outside their local networks. This is the default behavior of PC firealls. -
Dammit, clicked Delete by accident...
viragomann had a good suggestion above. Often times a desktop firewall will block traffic from outside its local subnet.
Can you not access anything on any network, or are you just trying Windows systems?
-
@kom I saw that message )
It is about vpn's config on each server.I'll add this info tomorrow. -
@viragomann
I wish it was like this way.
But it is not.Windows FIrewall is turned off.
For some reason pfsense allows me to see only network behind the server I connected to.I'll add vpn config's of all servers tomorrow.
Thank you. -
@rostyslav-didus said in 4 pfsense servers+vpn routing+vpn gui client:
For some reason pfsense allows me to see only network behind the server I connected to.
From your first post, I assumed you get not even this.
So you connect to different servers by vpn and want to access the remote networks in the other locations, which are connected with a site2site?
-
@viragomann
Yes.Correct. -
@rostyslav-didus
So consider that you have to populate the route for the access servers tunnel network on the s2s remote sites. -
@viragomann
Server side
Vpn server settings for users with openvpn gui client.
As you see,I entered all subnets to ipv4 local networks.
Should I add here tunnel network subnets?
Client side+server side for tunnel 1
Client side+server side for tunnel 2
Client side+server side for tunnel 3
When I connect via openvpn gui and trying tracert command to 10.10.104.2(windows server) I receive time out.
If I try to connect to any subnet's server it works fine when I initialize connection from one of those subnet(10.10.100.0/23,10.10.98.0/23 etc.)
-
@rostyslav-didus
You have to add the access server tunnel network 10.1.5.0/24 to the "Remote networks" on all remote sites, so that the branch routers set a route for it pointing to the main. -
@viragomann,
My Lord!
It works now.Added 10.1.5.0/24 to each "remote networks" configuration.
I appreciate that.
Thanks a lot.
