OpenVPN Multiple Site-to-Sites routing problem!
-
I'm trying to setup a Peer to Peer ( SSL /TLS) as this:
Site A : Server multi wan and LAN = 10.0.0.0/23
Site B : static ip and LAN = 10.0.2.0/24
Site C : static ip and LAN = 10.0.3.0/24Tunnel Network = 10.1.1.0/24
I have created WAN rules for the port 44441 and OPENVPN on all sites.
OpenVPN Server Config Site A:
dev ovpns3
verb 1
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 127.0.0.1
tls-server
server 10.1.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
ifconfig 10.1.1.1 10.1.1.2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfs.srv.int.cert' 1"
lport 44441
management /var/etc/openvpn/server3.sock unix
push "route 10.0.0.0 255.255.255.0"
route 10.0.2.0 255.255.255.0
route 10.0.3.0 255.255.255.0
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server3.tls-auth 0
comp-lzo yes
topology subnetCSO Site A config for Site B:
Common name = pfsense01
Tunnel Network = 10.1.1.0/24
IPv4 Remote Network/s = 10.0.2.0/24CSO Site A config for Site C:
Common name = pfsense02
Tunnel Network = 10.1.1.0/24
IPv4 Remote Network/s = 10.0.3.0/24OpenVPN Client Config Site B:
dev ovpnc1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local XX.XX.XX.XX
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote XX.XX.XX.XX 44441
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo yes
resolv-retry infiniteOpenVPN Client Config Site C:
dev ovpnc2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_client2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local XX.XX.XX.XX
tls-client
client
lport 0
management /var/etc/openvpn/client2.sock unix
remote XX.XX.XX.XX 44441
ca /var/etc/openvpn/client2.ca
cert /var/etc/openvpn/client2.cert
key /var/etc/openvpn/client2.key
tls-auth /var/etc/openvpn/client2.tls-auth 1
comp-lzo yes
resolv-retry infiniteThis is where i get stuck;
Site A can ping Site B and Site B can ping Site A
Site A cannot ping Site C and Site C can ping Site A
Site B cannot ping Site C and Site C cannot ping Site B
There are no connection problems from TLS or certificate.
Could you please help me.
Thanking you in advance and looking forward for your reply.