[SOLVED] Site to site with vps server



  • Good evening to you all!
    I have the following topology for my vpn:

      192.168.100.10                                                                          192.168.101.21
    +-------+                                                                                +-------+
    |       |               192.168.100.1           10.8.0.1           192.168.101.1         |       |
    |  CL1  +-------+        +----------+         +----------+          +-----------+    +---+  CL3  |
    |       |       +--------+          |         |          |          |           +----+   |       |
    +-------+                | pfsense1 +---------+  OvpnSrv +----------+  pfsense2 |        +-------+
    +-------+       +--------+          |         |          |          |           +----+   +-------+
    |       |       |        +----------+         +----------+          +-----------+    |   |       |
    |  CL2  +-------+                        public_ip: 11.22.33.44                      +---+  CL4  |
    |       |                                                                                |       |
    +-------+                                                                                +-------+
      192.168.100.11                                                                         192.168.101.22
    
    

    This is my server.conf

    
    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
    dh /etc/openvpn/easy-rsa/keys/dh4096.pem
    
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    
    client-config-dir ccd
    route 192.168.100.0 255.255.255.0
    route 192.168.101.0 255.255.255.0
    
    client-to-client
    push "route 192.168.100.0 255.255.255.0"
    push "route 192.168.101.0 255.255.255.0"
    
    keepalive 10 120
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    comp-lzo
    user openvpn_server
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    cipher AES-256-CBC
    auth SHA512
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
    
    

    From CL1 I can ping pfsense2 but not CL3 or CL4.
    Same on the other side:
    from CL3 I can ping pfsense1 but not CL1 or CL2.

    I'm very much a noob at pfSense and networking, but I think I have to configure rules or NAT or something similar in pfSense 1 and 2.
    Thanks



  • Why do you push both sites' LAN subnets to the VPN client?

    You haven't mentioned which site is the server and which is the client. But no matter, just enter the other site's LAN subnet in the "IPv4 Remote Networks" box in the server and the client settings, no other.



  • Many thanks for the reply.
    The server is OvpnSrv, which is a Linode VPS.
    pfSense1 and pfSense2 are both clients.
    There are other VPSs that are OpenVPN clients in the Linode cloud: I want all of them to be able to see the pfSense1 and pfSense2 subnets.

    Is your answer still valid, however?
    Thanks



  • I see. I didn't notice the server in the middle of your graphic.

    Yes, my answer above is valid anyway. But on the server you also need the iroute command for each client. Have you set these?
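    The iroute entries this reply refers to, as an added example that is not from the thread or from the OpenVPN/pfSense projects: a small POSIX shell script that writes one ccd file per client (the posted server.conf already has `client-config-dir ccd`) and then checks that every iroute in ccd/ has the matching `route` line in server.conf, since OpenVPN needs both. It assumes the two pfSense clients' certificate CNs are pfsense1 and pfsense2 (hypothetical; a ccd file name must equal the client's CN).

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense/OpenVPN.
# "route" puts a remote LAN into the server's kernel routing table via tun;
# "iroute" in the client's ccd file tells the OpenVPN daemon which connected
# client that LAN sits behind. Without the iroute, packets reach tun but the
# daemon does not know which client to hand them to.
# Assumption: client certificate CNs are "pfsense1" and "pfsense2".

# write_ccd <openvpn_dir> <client_cn> <network> <netmask>
write_ccd() {
    mkdir -p "$1/ccd"
    printf 'iroute %s %s\n' "$3" "$4" > "$1/ccd/$2"
}

# check_iroutes <openvpn_dir>
# Prints every ccd iroute that has no "route <net> <mask>" counterpart in
# server.conf. Returns 0 when all match, 1 otherwise.
check_iroutes() {
    dir="$1"
    missing=0
    for f in "$dir"/ccd/*; do
        [ -f "$f" ] || continue
        while read -r kw net mask rest; do
            [ "$kw" = "iroute" ] || continue
            if ! grep -Eq "^[[:space:]]*route[[:space:]]+$net[[:space:]]+$mask([[:space:]]|$)" "$dir/server.conf"; then
                echo "ccd/$(basename "$f"): iroute $net $mask has no matching route in server.conf"
                missing=$((missing + 1))
            fi
        done < "$f"
    done
    [ "$missing" -eq 0 ]
}

# Constructed dry run in a temp dir, using the two route lines from the
# posted server.conf rather than touching a real /etc/openvpn.
demo_dir=$(mktemp -d)
printf 'route 192.168.100.0 255.255.255.0\nroute 192.168.101.0 255.255.255.0\n' > "$demo_dir/server.conf"
write_ccd "$demo_dir" pfsense1 192.168.100.0 255.255.255.0
write_ccd "$demo_dir" pfsense2 192.168.101.0 255.255.255.0
if check_iroutes "$demo_dir"; then
    echo "all iroutes in $demo_dir/ccd have matching route lines"
fi
rm -rf "$demo_dir"
```

    Point it at the real directory (e.g. `check_iroutes /etc/openvpn`) after copying the ccd files over; a non-zero exit names the iroute that still lacks its `route` line.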



  • Thanks for the support!
    After your advice, routing was OK, but the clients behind pfSense responded only to ping…
    no HTTP, no SSH, nothing!
    I thought it was some sort of firewall rule, but the problem was that pfSense is on a VM (KVM on a very old Proxmox 1.9):
    solved with this
    https://doc.pfsense.org/index.php/VirtIO_Driver_Support

    Thanks

