Netgate Discussion Forum

Site to site between 4 offices

OpenVPN
Jamerson:

Dear All,
We have 4 offices all over the country, we have 4 hardware pfSense installed and we are happy with the performance.
Today we have built 4 OpenVPN site-to-site tunnels between the offices and it does work fine (thank you for the software).
One of the offices has 5 VLANs which we managed to get the tunnel up and running; however, from the server side we can reach the machines on the client side, we can RDP to the servers there, but from the client side we can't ping or connect to the servers behind the server LAN. The screenshot below is an example of how it's configured.

I've looked at the firewall logs on both firewalls but can't seem to find any block.
Can someone please advise where to look? The version we are using is 2.4.3.

      Thank you

JKnott:

Do you have rules to allow access to the VLANs? I have attached an example.


        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

Jamerson:

Thank you for your answer.
Yes, for each VLAN we have the rules to allow from VLAN30 to any to any.

Derelict (LAYER 8, Netgate):

            Version 2.4.3? You mean the development version? Current production version is 2.4.2-patch1.

            You are not providing enough information for anyone to help you.

            You need to at least provide what networks are where and what local and remote networks are defined on the OpenVPN configurations.

            What kind of OpenVPN matters too. Is it SSL/TLS? Are they all connecting to one server or do they all have their own? etc.

            See the diagram in my sig for a hint at what kind of information is required.

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

Jamerson:

              @Derelict:

              Version 2.4.3? You mean the development version? Current production version is 2.4.2-patch1.

              You are not providing enough information for anyone to help you.

              You need to at least provide what networks are where and what local and remote networks are defined on the OpenVPN configurations.

              What kind of OpenVPN matters too. Is it SSL/TLS? Are they all connecting to one server or do they all have their own? etc.

              See the diagram in my sig for a hint at what kind of information is required.

Thank you for your answer.
Yes, I mean version 2.4.2 - Patch 1.

Server network is 10.10.10.0/24
Client network is 10.10.20.0/24
The OpenVPN we are using is SSL peer to peer (shared key) with AES 256-bit algorithm and SHA 512.
Tunnel IP is 10.6.0.0/24
Each office is connecting to the same server and each tunnel has its own IP:
10.6.0.0/24
10.7.0.0/24
10.8.0.0/24

I hope I've provided enough information.
I would like to create such a diagram, but which program can I use?

Derelict (LAYER 8, Netgate):

the OpenVPN we are using is SSL peer to peer (shared key)

                A Peer-to-Peer OpenVPN server is either SSL/TLS or Shared key. It cannot be both. How is yours actually configured?

                Maybe post screen shots instead of an approximation of what you think you have done.

Jamerson:

                  @Derelict:

the OpenVPN we are using is SSL peer to peer (shared key)

                  A Peer-to-Peer OpenVPN server is either SSL/TLS or Shared key. It cannot be both. How is yours actually configured?

                  Maybe post screen shots instead of an approximation of what you think you have done.

It is Shared Key, thank you, no SSL, thank you.

Derelict (LAYER 8, Netgate):

                    OK so on each client side you need:

                    Remote Networks: 10.10.10.0/24,10.10.20.0/24

                    On the server instance for the first office you need:

                    Remote Networks: Remote networks on that side of the connection

                    Same for the server instances for the other two offices.

                    Firewall rules on the OpenVPN tab or the assigned interface tabs have to pass the desired traffic from the remote sites.

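The advice above boils down to a symmetry requirement: every LAN subnet at one end must appear in the Remote network(s) box of the instance at the other end, or the reply traffic has no route into the tunnel. The script below is an added example written for this page, not code from the thread or from pfSense. It models each Remote network(s) entry as a kernel route into the tunnel and, as a second failure mode, a policy-routing LAN rule with a gateway set (the multi-WAN caveat: such a rule is matched before the routing table, so tunnel destinations need an earlier pass rule without a gateway). The second VLAN (10.10.30.0/24), the site names and the policy rule are constructed for illustration; the script does not diagnose the poster's network.

```python
"""
Route-symmetry check for a hub-and-spoke pfSense OpenVPN shared-key layout.

Added example, not from the forum thread.  Each prefix in an instance's
"IPv4 Remote network(s)" box becomes a kernel route into the tunnel; a LAN
rule with a gateway set (policy routing) is evaluated before that table.
The second VLAN, site names and policy rule are constructed assumptions.
"""
from ipaddress import ip_address, ip_network

TUNNEL = "tunnel"        # route via the OpenVPN interface
DEFAULT = "default-gw"   # no matching route: default gateway (WAN)
POLICY = "policy-gw"     # forced out a gateway by a LAN rule


class Site:
    """One pfSense box.  remote_nets mirrors the instance's Remote network(s) box."""

    def __init__(self, name, local_nets, remote_nets, policy_rules=()):
        self.name = name
        self.local_nets = [ip_network(n) for n in local_nets]
        self.routes = [ip_network(n) for n in remote_nets]
        # (source_net, exempt_dests): a LAN rule with a gateway set, plus the
        # destinations that an earlier rule *without* a gateway already passed.
        self.policy_rules = [
            (ip_network(s), [ip_network(d) for d in exempt])
            for s, exempt in policy_rules
        ]

    def egress(self, src, dst):
        """Where a packet src->dst originating behind this box is sent."""
        src, dst = ip_address(src), ip_address(dst)
        if any(dst in net for net in self.local_nets):
            return "local"
        # Policy routing wins over the routing table unless exempted first.
        for src_net, exempt in self.policy_rules:
            if src in src_net and not any(dst in e for e in exempt):
                return POLICY
        if any(dst in net for net in self.routes):
            return TUNNEL
        return DEFAULT


def diagnose(a, b, src_ip, dst_ip):
    """Check both directions of a flow from src_ip (behind a) to dst_ip (behind b)."""
    forward = a.egress(src_ip, dst_ip)
    reply = b.egress(dst_ip, src_ip)
    if forward == TUNNEL and reply == TUNNEL:
        return "ok"
    if forward != TUNNEL:
        return f"{a.name}: {src_ip}->{dst_ip} goes to {forward}, not the tunnel"
    return f"{b.name}: reply {dst_ip}->{src_ip} goes to {reply}, not the tunnel"


# Constructed topology: prefixes from the thread plus an assumed second VLAN.
OFFICE2_NETS = ["10.10.20.0/24", "10.10.30.0/24"]
HQ = Site("hq", ["10.10.10.0/24"], OFFICE2_NETS)
OFFICE2 = Site("office2", OFFICE2_NETS, ["10.10.10.0/24"])

# Hub instance that lists only one of the office's two VLANs.
HQ_ONE_VLAN = Site("hq", ["10.10.10.0/24"], ["10.10.20.0/24"])

# Office with a multi-WAN LAN rule that sets a gateway and no exemption...
OFFICE2_POLICY = Site("office2", OFFICE2_NETS, ["10.10.10.0/24"],
                      policy_rules=[("10.10.20.0/24", [])])
# ...and the same office with the VPN destination passed by an earlier rule.
OFFICE2_FIXED = Site("office2", OFFICE2_NETS, ["10.10.10.0/24"],
                     policy_rules=[("10.10.20.0/24", ["10.10.10.0/24"])])


def run_checks():
    return {
        "symmetric": diagnose(OFFICE2, HQ, "10.10.20.50", "10.10.10.5"),
        "vlan30_missing_at_hub": diagnose(OFFICE2, HQ_ONE_VLAN, "10.10.30.50", "10.10.10.5"),
        "policy_route_bypasses_tunnel": diagnose(OFFICE2_POLICY, HQ, "10.10.20.50", "10.10.10.5"),
        "policy_route_with_exemption": diagnose(OFFICE2_FIXED, HQ, "10.10.20.50", "10.10.10.5"),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

The first two checks show the routing half of the advice (a VLAN absent from the hub's Remote network(s) box gets its replies sent to the default gateway); the last two show why a policy-routed LAN rule can break LAN-originated traffic into the tunnel while connections initiated from the far side still work, since their replies follow the existing state rather than a fresh route lookup.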
Jamerson:

                      @Derelict:

                      OK so on each client side you need:

                      Remote Networks: 10.10.10.0/24,10.10.20.0/24

                      On the server instance for the first office you need:

                      Remote Networks: Remote networks on that side of the connection

                      Same for the server instances for the other two offices.

                      Firewall rules on the OpenVPN tab or the assigned interface tabs have to pass the desired traffic from the remote sites.

This is correct.
Each office has allow any to any on the OpenVPN interface, but the issue now is internal from the client side, which can't reach the server.
I see we have floating rules on the client side; would this be affecting the routes? We are also using multi-WAN on this office.

Thank you for your continued support.

Derelict (LAYER 8, Netgate):

                        Please use specific IP addresses and a specific mode of testing so people can know exactly what you're talking about.

                        Thanks.
