Netgate Discussion Forum
    Bi-Directional Access and 3 way (SOLVED)

    OpenVPN
    4 Posts 2 Posters 732 Views
    Shatty

      Hi guys... new user here... 1st post.

      I searched the forums for the answer and every situation is different.  I have a 3-site setup working, kinda.

      Master site (server site) 192.168.1.0 (pfSense 192.168.1.1) OpenVPN Server

      Remote site A 192.168.2.0 (Asus Merlin 192.168.2.1) OpenVPN client

      Remote site B 192.168.3.0 (Asus Merlin 192.168.3.1) OpenVPN client

      VPN net 192.168.100.0

      I can access the server side from any of the remote sites.  But I can't access from the server side to the remote side.  So it looks like the routing is working on the remote sites but not the server site.  How do I make this happen?  Looks like I have to add something in the pfSense config somewhere but I can't figure it out.  After I get this working, then I would be looking to get all nets talking to each other, remote sites talking to each other.  Not necessary now, but in the future I would like the remote sites to talk to each other.

      Shatty

        Anyone?

      viragomann

          You have to set up a client-specific override for each client. This only works with SSL auth.

          At "Common Name" enter the common name you've set in the client's certificate. At "IPv4 Local Network/s" enter the LAN network behind the server and the LAN behind the respective other client; in the "IPv4 Remote Network/s" box enter the LAN network behind the client in question. All networks in CIDR notation, comma separated.

            Shatty

            @viragomann:

            You have to set up a client-specific override for each client. This only works with SSL auth.

            At "Common Name" enter the common name you've set in the client's certificate. At "IPv4 Local Network/s" enter the LAN network behind the server and the LAN behind the respective other client; in the "IPv4 Remote Network/s" box enter the LAN network behind the client in question. All networks in CIDR notation, comma separated.

            YOU ARE A LIFE SAVER!!  All I did was change to peer-to-peer SSL/TLS, added the net info into remote nets, and the client-specific entries.  And it worked!  A to B, B to C, and A to C.  3-way VPN!  Thanks brother!!

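As an added illustration of the fix viragomann describes and Shatty confirms (example code written for this page, not from the thread, from pfSense or from OpenVPN): the script below takes the three LANs and the tunnel net from the first post, checks that none of them overlap, and then renders what each Client Specific Override becomes on the OpenVPN side. pfSense writes a CSO out as a per-client config: the "IPv4 Remote Network/s" box becomes an `iroute` (which tells the OpenVPN server which connected client owns that LAN, and is what was missing when traffic only flowed one way), and each entry in "IPv4 Local Network/s" becomes a `push "route ..."` so the client gets its return routes. The server's own "IPv4 Remote Network/s" box (the "remote nets" Shatty mentions) becomes kernel `route` lines so the hub sends both spoke LANs into the tunnel. The common names `siteA` and `siteB` are assumptions; use the CN from each client certificate.

```python
# Added example, not from the thread or from pfSense: render the OpenVPN
# directives that the client-specific overrides described above produce,
# after sanity-checking the site-to-site topology.
import ipaddress

# Topology from the first post. The common names are assumed.
HUB_LAN = "192.168.1.0/24"        # LAN behind the pfSense OpenVPN server
TUNNEL_NET = "192.168.100.0/24"   # the VPN net
SPOKES = {                        # CN -> LAN behind that Merlin client
    "siteA": "192.168.2.0/24",
    "siteB": "192.168.3.0/24",
}


def netmask_form(cidr: str) -> str:
    """'192.168.2.0/24' -> '192.168.2.0 255.255.255.0' (OpenVPN route syntax)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def topology_problems(hub_lan: str, tunnel_net: str, spokes: dict) -> list:
    """Return a description of every pair of networks that overlap.
    Two sites on the same range, or a LAN colliding with the tunnel net,
    would give OpenVPN ambiguous route/iroute entries, so catch it here."""
    named = {"hub": hub_lan, "tunnel": tunnel_net, **spokes}
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in named.items()}
    names = list(nets)
    problems = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def cso_fields(cn: str, hub_lan: str, spokes: dict) -> dict:
    """The CSO boxes from the answer, for one client: Local = hub LAN plus
    every *other* spoke LAN; Remote = this client's own LAN."""
    others = [net for name, net in spokes.items() if name != cn]
    return {
        "Common Name": cn,
        "IPv4 Local Network/s": ",".join([hub_lan, *others]),
        "IPv4 Remote Network/s": spokes[cn],
    }


def server_remote_networks(spokes: dict) -> str:
    """Value for the server's own 'IPv4 Remote Network/s' box: all spoke LANs."""
    return ",".join(spokes.values())


def server_directives(spokes: dict) -> list:
    """Kernel routes the hub needs toward the tunnel, one per spoke LAN."""
    return [f"route {netmask_form(net)}" for net in spokes.values()]


def ccd_directives(cn: str, hub_lan: str, spokes: dict) -> list:
    """What one CSO becomes in the per-client config: `iroute` maps the LAN
    to this client inside OpenVPN, `push route` hands the client its routes."""
    fields = cso_fields(cn, hub_lan, spokes)
    lines = [f"iroute {netmask_form(fields['IPv4 Remote Network/s'])}"]
    for net in fields["IPv4 Local Network/s"].split(","):
        lines.append(f'push "route {netmask_form(net)}"')
    return lines


def render_all(hub_lan: str, tunnel_net: str, spokes: dict) -> dict:
    """Validate, then produce the server lines and one block per client."""
    problems = topology_problems(hub_lan, tunnel_net, spokes)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "server": server_directives(spokes),
        "ccd": {cn: ccd_directives(cn, hub_lan, spokes) for cn in spokes},
    }


if __name__ == "__main__":
    out = render_all(HUB_LAN, TUNNEL_NET, SPOKES)
    print("# server: IPv4 Remote Network/s =", server_remote_networks(SPOKES))
    print("\n".join(out["server"]))
    for cn, lines in out["ccd"].items():
        print(f"\n# client-specific override for CN {cn}")
        print("\n".join(lines))
```

Two caveats a practitioner will hit with this layout. Matching on Common Name only works when the client presents a certificate, which is why the answer says it needs SSL/TLS rather than shared key. And spoke-to-spoke traffic (A to C in Shatty's terms) enters and leaves the hub through its OpenVPN interface, so the firewall rules on that interface on pfSense must allow the other spoke's LAN as a source, and the Merlin clients must actually accept the pushed routes (a client using `route-nopull` would never learn them).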
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.