4. OpenVPN Multiple Site-to-Sites routing problem!

OpenVPN Multiple Site-to-Sites routing problem!

  • 2

    I'm trying to setup a Peer to Peer ( SSL /TLS) as this:

    Site A : Server multi wan and LAN = 10.0.0.0/23
    Site B : static ip and LAN = 10.0.2.0/24
    Site C : static ip and LAN = 10.0.3.0/24

    Tunnel Network = 10.1.1.0/24

    I have created WAN rules for the port 44441 and OPENVPN on all sites.

    OpenVPN Server Config Site A:

    dev ovpns3
    verb 1
    dev-type tun
    dev-node /dev/tun3
    writepid /var/run/openvpn_server3.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 127.0.0.1
    tls-server
    server 10.1.1.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server3
    ifconfig 10.1.1.1 10.1.1.2
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfs.srv.int.cert' 1"
    lport 44441
    management /var/etc/openvpn/server3.sock unix
    push "route 10.0.0.0 255.255.255.0"
    route 10.0.2.0 255.255.255.0
    route 10.0.3.0 255.255.255.0
    ca /var/etc/openvpn/server3.ca
    cert /var/etc/openvpn/server3.cert
    key /var/etc/openvpn/server3.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server3.tls-auth 0
    comp-lzo yes
    topology subnet

    CSO Site A config for Site B:
    Common name = pfsense01
    Tunnel Network = 10.1.1.0/24
    IPv4 Remote Network/s = 10.0.2.0/24

    CSO Site A config for Site C:
    Common name = pfsense02
    Tunnel Network = 10.1.1.0/24
    IPv4 Remote Network/s = 10.0.3.0/24

    OpenVPN Client Config Site B:

    dev ovpnc1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local XX.XX.XX.XX
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote XX.XX.XX.XX 44441
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    comp-lzo yes
    resolv-retry infinite

    OpenVPN Client Config Site C:

    dev ovpnc2
    verb 1
    dev-type tun
    dev-node /dev/tun2
    writepid /var/run/openvpn_client2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local XX.XX.XX.XX
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client2.sock unix
    remote XX.XX.XX.XX 44441
    ca /var/etc/openvpn/client2.ca
    cert /var/etc/openvpn/client2.cert
    key /var/etc/openvpn/client2.key
    tls-auth /var/etc/openvpn/client2.tls-auth 1
    comp-lzo yes
    resolv-retry infinite

    This is where i get stuck;

    Site A can ping Site B and Site B can ping Site A

    Site A cannot ping Site C and Site C can ping Site A

    Site B cannot ping Site C and Site C cannot ping Site B

    There are no connection problems from TLS or certificate.

    Could you please help me.
    Thanking you in advance and looking forward for your reply.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy