Netgate Discussion Forum

[SOLVED] Site to site with vps server

    diegox80 (Oct 29, 2016, 4:50 PM; last edited Oct 31, 2016, 8:53 PM)

    Good evening to you all!
    I have the following topology for my VPN:

      192.168.100.10                                                                          192.168.101.21
    +-------+                                                                                +-------+
    |       |               192.168.100.1           10.8.0.1           192.168.101.1         |       |
    |  CL1  +-------+        +----------+         +----------+          +-----------+    +---+  CL3  |
    |       |       +--------+          |         |          |          |           +----+   |       |
    +-------+                | pfsense1 +---------+  OvpnSrv +----------+  pfsense2 |        +-------+
    +-------+       +--------+          |         |          |          |           +----+   +-------+
    |       |       |        +----------+         +----------+          +-----------+    |   |       |
    |  CL2  +-------+                        public_ip: 11.22.33.44                      +---+  CL4  |
    |       |                                                                                |       |
    +-------+                                                                                +-------+
      192.168.100.11                                                                         192.168.101.22
    
    

    This is my server.conf:

    
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
    dh /etc/openvpn/easy-rsa/keys/dh4096.pem
    
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    
    client-config-dir ccd
    route 192.168.100.0 255.255.255.0
    route 192.168.101.0 255.255.255.0
    
    client-to-client
    push "route 192.168.100.0 255.255.255.0"
    push "route 192.168.101.0 255.255.255.0"
    
    keepalive 10 120
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    comp-lzo
    user openvpn_server
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    cipher AES-256-CBC
    auth SHA512
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
    
    

    From CL1 I can ping pfsense2 but not CL3 or CL4.
    Same on the other side:
    from CL3 I can ping pfsense1 but not CL1 or CL2.

    I'm a real noob at pfSense and networking, but I think I have to configure rules or NAT or something similar in pfSense 1 and 2.
    Thanks

      viragomann (Oct 29, 2016, 5:24 PM)

      Why do you push both sites' LAN subnets to the VPN client?

      You haven't mentioned which site is the server and which is the client. But no matter, just enter the other site's LAN subnet in the "IPv4 Remote Networks" box in the server and the client settings, nothing else.

        diegox80 (Oct 29, 2016, 6:45 PM; last edited Oct 29, 2016, 6:53 PM)

        Many thanks for the reply.
        The server is ovpnsrv, which is a Linode VPS.
        Pfsense1 and pfsense2 are both clients.
        There are other VPSs that are OpenVPN clients in the Linode cloud: I want all of them to be able to see the pfsense1 and pfsense2 subnets.

        Is your answer still valid, though?
        Thanks

          viragomann (Oct 29, 2016, 8:37 PM)

          I see. I didn't notice the server in the middle of your graphic.

          Yes, my answer above is valid anyway. But on the server you also need the iroute command for each client. Have you set these?

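To make the iroute advice concrete, here is an added checker (not part of the thread, not the poster's config) that reads the routing lines of the posted server.conf together with one client-config-dir file per pfSense client and reports (a) any `route` subnet that no ccd file claims with `iroute`, and (b) clients that are pushed a route to their own LAN, the push viragomann questions. The ccd file names "pfsense1" and "pfsense2" are assumed to match the CN in each client's certificate; the file contents are constructed.

```python
import shlex
from typing import Dict, List, Tuple

Subnet = Tuple[str, str]  # (network, netmask) exactly as written in the config
# Constructed sample: the poster's routing lines plus one ccd file per client.
# A ccd file must be named after the CN in that client's certificate (names
# assumed here); pfsense2's file is deliberately missing its iroute.
SERVER_CONF = """\
client-config-dir ccd
route 192.168.100.0 255.255.255.0
route 192.168.101.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
push "route 192.168.101.0 255.255.255.0"
"""
CCD_FILES: Dict[str, str] = {
    "pfsense1": "iroute 192.168.100.0 255.255.255.0\n",
    "pfsense2": "# iroute not set yet\n",
}

def tokens(text: str) -> List[List[str]]:
    """One token list per directive; comments stripped, push "..." unwrapped."""
    rows: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        if parts[0] == "push" and len(parts) == 2:
            parts = ["push"] + parts[1].split()  # push "route a.b.c.d m.m.m.m"
        rows.append(parts)
    return rows

def subnets(text: str, *prefix: str) -> List[Subnet]:
    """(network, netmask) of each directive starting with the given words."""
    n = len(prefix)
    return [(t[n], t[n + 1]) for t in tokens(text)
            if t[:n] == list(prefix) and len(t) >= n + 2]

def missing_iroutes(server_conf: str, ccd: Dict[str, str]) -> List[Subnet]:
    """Routed subnets no client claims: OpenVPN cannot map them to a client."""
    claimed = {s for body in ccd.values() for s in subnets(body, "iroute")}
    return [s for s in subnets(server_conf, "route") if s not in claimed]

def self_pushed(server_conf: str, ccd: Dict[str, str]) -> List[str]:
    """Clients pushed their own LAN; use push-reset + per-client push in ccd."""
    pushed = set(subnets(server_conf, "push", "route"))
    return sorted(name for name, body in ccd.items()
                  if any(s in pushed for s in subnets(body, "iroute")))
```

With the sample input, `missing_iroutes` flags 192.168.101.0/24 (pfsense2's LAN) and `self_pushed` flags pfsense1; adding `iroute 192.168.101.0 255.255.255.0` to the pfsense2 file clears the first finding.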
            diegox80 (Oct 31, 2016, 8:53 PM)

            Thanks for the support!
            After your advice, routing was OK, but the clients behind pfSense responded only to ping…
            no http, no ssh, nothing!!!!
            I thought it was some sort of firewall rule, but the problem was that pfSense is on a VM (KVM on a very old Proxmox 1.9):
            solved with this:
            https://doc.pfsense.org/index.php/VirtIO_Driver_Support

            Thanks

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.