    OpenVPN Multiple Site-to-Sites routing problem!

      2bad4u:

      I'm trying to set up a Peer to Peer (SSL/TLS) like this:

      Site A : Server multi wan and LAN = 10.0.0.0/23
      Site B : static ip and LAN = 10.0.2.0/24
      Site C : static ip and LAN = 10.0.3.0/24

      Tunnel Network = 10.1.1.0/24

      I have created WAN rules for the port 44441 and OPENVPN on all sites.

      OpenVPN Server Config Site A:

      dev ovpns3
      verb 1
      dev-type tun
      dev-node /dev/tun3
      writepid /var/run/openvpn_server3.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 127.0.0.1
      tls-server
      server 10.1.1.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server3
      ifconfig 10.1.1.1 10.1.1.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfs.srv.int.cert' 1"
      lport 44441
      management /var/etc/openvpn/server3.sock unix
      push "route 10.0.0.0 255.255.255.0"
      route 10.0.2.0 255.255.255.0
      route 10.0.3.0 255.255.255.0
      ca /var/etc/openvpn/server3.ca
      cert /var/etc/openvpn/server3.cert
      key /var/etc/openvpn/server3.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server3.tls-auth 0
      comp-lzo yes
      topology subnet

      CSO Site A config for Site B:
      Common name = pfsense01
      Tunnel Network = 10.1.1.0/24
      IPv4 Remote Network/s = 10.0.2.0/24

      CSO Site A config for Site C:
      Common name = pfsense02
      Tunnel Network = 10.1.1.0/24
      IPv4 Remote Network/s = 10.0.3.0/24

      OpenVPN Client Config Site B:

      dev ovpnc1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local XX.XX.XX.XX
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client1.sock unix
      remote XX.XX.XX.XX 44441
      ca /var/etc/openvpn/client1.ca
      cert /var/etc/openvpn/client1.cert
      key /var/etc/openvpn/client1.key
      tls-auth /var/etc/openvpn/client1.tls-auth 1
      comp-lzo yes
      resolv-retry infinite

      OpenVPN Client Config Site C:

      dev ovpnc2
      verb 1
      dev-type tun
      dev-node /dev/tun2
      writepid /var/run/openvpn_client2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local XX.XX.XX.XX
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client2.sock unix
      remote XX.XX.XX.XX 44441
      ca /var/etc/openvpn/client2.ca
      cert /var/etc/openvpn/client2.cert
      key /var/etc/openvpn/client2.key
      tls-auth /var/etc/openvpn/client2.tls-auth 1
      comp-lzo yes
      resolv-retry infinite

      This is where I get stuck:

      Site A can ping Site B and Site B can ping Site A

      Site A cannot ping Site C and Site C can ping Site A

      Site B cannot ping Site C and Site C cannot ping Site B

      There are no connection problems from TLS or certificate.

      Could you please help me?
      Thanking you in advance and looking forward to your reply.

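A consistency check for the hub's routing directives, added here as an example and not code from the original post or from pfSense: it parses the `route` and `push "route ..."` lines of the posted Site A server config and compares them against assumed client-config-dir (CCD) file contents (the post shows the CSO settings but not the files pfSense generates from them), flagging a spoke LAN that no client claims with `iroute`, a pushed route that does not cover the /23 server LAN, and spoke LANs that the hub never pushes to the other spokes.

```python
import ipaddress
import re

# Constructed sample: the routing-relevant lines of the Site A server config
# from the post. The full config is in the post above.
SERVER_CONF = """\
server 10.1.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
push "route 10.0.0.0 255.255.255.0"
route 10.0.2.0 255.255.255.0
route 10.0.3.0 255.255.255.0
"""
# Assumed CCD contents keyed by common name (hypothetical, not shown in the
# post): one spoke claims its LAN with iroute, the other does not, so the
# OpenVPN process cannot tell which connected client owns 10.0.3.0/24.
CCD_FILES = {
    "pfsense01": "iroute 10.0.2.0 255.255.255.0\n",
    "pfsense02": "",
}
SERVER_LAN = ipaddress.ip_network("10.0.0.0/23")

def parse_nets(text, directive):
    """Networks from '<directive> <address> <netmask>' lines (route, iroute)."""
    pat = re.compile(rf'^\s*{directive}\s+(\S+)\s+(\S+)\s*$', re.M)
    return {ipaddress.ip_network(f"{a}/{m}") for a, m in pat.findall(text)}

def parse_pushed(text):
    """Networks from push "route <address> <netmask>" lines."""
    pat = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"', re.M)
    return {ipaddress.ip_network(f"{a}/{m}") for a, m in pat.findall(text)}

def check_routing(server_conf, ccd_files, server_lan):
    """Return human-readable findings about the hub's routing consistency."""
    findings = []
    routes = parse_nets(server_conf, "route")           # kernel routes into the tun
    iroutes = {cn: parse_nets(ccd, "iroute") for cn, ccd in ccd_files.items()}
    claimed = set().union(*iroutes.values())             # nets some client owns
    for net in sorted(routes - claimed, key=str):
        findings.append(f"route {net}: no client-config-dir file claims it with iroute")
    for cn, nets in sorted(iroutes.items()):
        for net in sorted(nets - routes, key=str):
            findings.append(f"{cn}: iroute {net} has no matching server route")
    pushed = parse_pushed(server_conf)
    if not any(server_lan.subnet_of(p) for p in pushed):
        findings.append(f"pushed routes do not cover the server LAN {server_lan}")
    # Spoke-to-spoke traffic needs each spoke to know the other spokes' LANs;
    # if the hub does not push them, the clients need their own route lines.
    for net in sorted(routes - pushed, key=str):
        findings.append(f"route {net} is not pushed to clients (other spokes cannot reach it)")
    return findings

if __name__ == "__main__":
    for line in check_routing(SERVER_CONF, CCD_FILES, SERVER_LAN):
        print(line)
```

Run against the posted config and the assumed CCD files it reports four findings; on a real pfSense box the CCD files live under the directory named by `client-config-dir`.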