Netgate Discussion Forum

    [SOLVED] Site to site with vps server

    OpenVPN
    • diegox80

      Good evening to you all!
      I have the following topology for my VPN:

        192.168.100.10                                                                          192.168.101.21
      +-------+                                                                                +-------+
      |       |               192.168.100.1           10.8.0.1           192.168.101.1         |       |
      |  CL1  +-------+        +----------+         +----------+          +-----------+    +---+  CL3  |
      |       |       +--------+          |         |          |          |           +----+   |       |
      +-------+                | pfsense1 +---------+  OvpnSrv +----------+  pfsense2 |        +-------+
      +-------+       +--------+          |         |          |          |           +----+   +-------+
      |       |       |        +----------+         +----------+          +-----------+    |   |       |
      |  CL2  +-------+                        public_ip: 11.22.33.44                      +---+  CL4  |
      |       |                                                                                |       |
      +-------+                                                                                +-------+
        192.168.100.11                                                                         192.168.101.22
      
      

      This is my server.conf:

      
      port 1194
      proto udp
      dev tun
      ca /etc/openvpn/easy-rsa/keys/ca.crt
      cert /etc/openvpn/easy-rsa/keys/server.crt
      key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
      dh /etc/openvpn/easy-rsa/keys/dh4096.pem
      
      server 10.8.0.0 255.255.255.0
      ifconfig-pool-persist ipp.txt
      
      client-config-dir ccd
      route 192.168.100.0 255.255.255.0
      route 192.168.101.0 255.255.255.0
      
      client-to-client
      push "route 192.168.100.0 255.255.255.0"
      push "route 192.168.101.0 255.255.255.0"
      
      keepalive 10 120
      tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
      comp-lzo
      user openvpn_server
      group nogroup
      persist-key
      persist-tun
      status openvpn-status.log
      verb 3
      cipher AES-256-CBC
      auth SHA512
      tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
      
      

      From CL1 I can ping pfsense2 but not CL3 or CL4.
      Same on the other side:
      from CL3 I can ping pfsense1 but not CL1 or CL2.

      I'm a real noob at pfSense and networking, but I think I have to configure rules or NAT or something similar in pfSense 1 and 2.
      Thanks

      • viragomann

        Why do you push both sites' LAN subnets to the VPN client?

        You haven't mentioned which site is the server and which is the client. But no matter, just enter the other site's LAN subnet in the "IPv4 Remote Networks" box in the server and the client settings, nothing else.

        • diegox80

          Many thanks for the reply.
          The server is ovpnsrv, which is a Linode VPS.
          pfSense1 and pfSense2 are both clients.
          There are other VPSes that are OpenVPN clients in the Linode cloud: I want all of them to be able to see the pfSense1 and pfSense2 subnets.

          Is your answer still valid, however?
          Thanks

          • viragomann

            I see. I didn't notice the server in the middle of your graphic.

            Yes, my answer above is valid anyway. But on the server you also need the iroute command for each client. Have you set these?

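An added consistency check, not code from the thread or from OpenVPN itself: it cross-references the `route` and `push "route"` lines of the posted server.conf against the per-client `iroute` entries viragomann mentions, and flags the two mistakes that produce exactly the "can ping the pfSense box but nothing behind it" symptom. The ccd file names pfsense1 and pfsense2 are assumed to be the clients' certificate CNs, and the sample below deliberately omits the iroute for pfsense2.

```python
import re
from ipaddress import IPv4Network

# Constructed excerpt of the thread's server.conf (routing-relevant lines only).
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.100.0 255.255.255.0
route 192.168.101.0 255.255.255.0
client-to-client
push "route 192.168.100.0 255.255.255.0"
push "route 192.168.101.0 255.255.255.0"
"""

# Constructed ccd/ directory: file name = client cert CN (assumed), body = file text.
CCD_FILES = {
    "pfsense1": "iroute 192.168.100.0 255.255.255.0\n",
    "pfsense2": "",  # iroute forgotten: server cannot map 192.168.101.0/24 to a client
}

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
ROUTE_RE = rf"^\s*route\s+{IPV4}\s+{IPV4}"            # kernel route into the tun
PUSH_RE = rf'^\s*push\s+"route\s+{IPV4}\s+{IPV4}"'    # route pushed to every client
IROUTE_RE = rf"^\s*iroute\s+{IPV4}\s+{IPV4}"          # OpenVPN-internal: net -> client


def _parse(text: str, pattern: str) -> set:
    """Return the IPv4 networks matched by pattern (groups: address, netmask)."""
    return {IPv4Network(f"{a}/{m}") for a, m in re.findall(pattern, text, re.M)}


def audit(server_conf: str, ccd_files: dict) -> dict:
    """Report mismatches between server routes, pushed routes and ccd iroutes."""
    routes = _parse(server_conf, ROUTE_RE)
    pushed = _parse(server_conf, PUSH_RE)
    iroutes = {cn: _parse(body, IROUTE_RE) for cn, body in ccd_files.items()}
    all_iroutes = set().union(*iroutes.values())
    return {
        # kernel hands the packet to OpenVPN, which has no client for it: dropped
        "route_without_iroute": sorted(str(n) for n in routes - all_iroutes),
        # OpenVPN knows the client, but the kernel never sends traffic into the tun
        "iroute_without_route": sorted(str(n) for n in all_iroutes - routes),
        # a site receives a route to its own LAN via the tunnel; push it per client instead
        "pushed_to_own_client": sorted(
            (cn, str(n)) for cn, nets in iroutes.items() for n in nets & pushed),
    }


if __name__ == "__main__":
    for finding, items in audit(SERVER_CONF, CCD_FILES).items():
        print(f"{finding}: {items}")
```

Adding `iroute 192.168.101.0 255.255.255.0` to ccd/pfsense2 clears the first finding; moving each `push "route"` into the other site's ccd file clears the third.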
            • diegox80

              Thanks for the support!
              After your advice routing was OK, but the clients behind pfSense respond only to the ping…
              no HTTP, no SSH, nothing!!!!
              I thought it was some sort of firewall rule, but the problem was that pfSense is on a VM (KVM on a very old Proxmox 1.9):
              solved with this
              https://doc.pfsense.org/index.php/VirtIO_Driver_Support

              Thanks
