OpenVPN Multiple Site-to-Sites routing problem!



  • I'm trying to setup a Peer to Peer ( SSL /TLS) as this:

    Site A : Server multi wan and LAN = 10.0.0.0/23
    Site B : static ip and LAN = 10.0.2.0/24
    Site C : static ip and LAN = 10.0.3.0/24

    Tunnel Network = 10.1.1.0/24

    I have created WAN rules for the port 44441 and OPENVPN on all sites.

    OpenVPN Server Config Site A:

    dev ovpns3
    verb 1
    dev-type tun
    dev-node /dev/tun3
    writepid /var/run/openvpn_server3.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 127.0.0.1
    tls-server
    server 10.1.1.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server3
    ifconfig 10.1.1.1 10.1.1.2
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfs.srv.int.cert' 1"
    lport 44441
    management /var/etc/openvpn/server3.sock unix
    push "route 10.0.0.0 255.255.255.0"
    route 10.0.2.0 255.255.255.0
    route 10.0.3.0 255.255.255.0
    ca /var/etc/openvpn/server3.ca
    cert /var/etc/openvpn/server3.cert
    key /var/etc/openvpn/server3.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server3.tls-auth 0
    comp-lzo yes
    topology subnet

    CSO Site A config for Site B:
    Common name = pfsense01
    Tunnel Network = 10.1.1.0/24
    IPv4 Remote Network/s = 10.0.2.0/24

    CSO Site A config for Site C:
    Common name = pfsense02
    Tunnel Network = 10.1.1.0/24
    IPv4 Remote Network/s = 10.0.3.0/24

    OpenVPN Client Config Site B:

    dev ovpnc1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local XX.XX.XX.XX
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote XX.XX.XX.XX 44441
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    comp-lzo yes
    resolv-retry infinite

    OpenVPN Client Config Site C:

    dev ovpnc2
    verb 1
    dev-type tun
    dev-node /dev/tun2
    writepid /var/run/openvpn_client2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local XX.XX.XX.XX
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client2.sock unix
    remote XX.XX.XX.XX 44441
    ca /var/etc/openvpn/client2.ca
    cert /var/etc/openvpn/client2.cert
    key /var/etc/openvpn/client2.key
    tls-auth /var/etc/openvpn/client2.tls-auth 1
    comp-lzo yes
    resolv-retry infinite

    This is where i get stuck;

    Site A can ping Site B and Site B can ping Site A

    Site A cannot ping Site C and Site C can ping Site A

    Site B cannot ping Site C and Site C cannot ping Site B

    There are no connection problems from TLS or certificate.

    Could you please help me.
    Thanking you in advance and looking forward for your reply.


Log in to reply