Netgate Discussion Forum
    [Solved] OpenVPN Site-to-Site host pfsense services on main site

    OpenVPN
maguiar:

Hello,

I have 8 sites connected by OpenVPN in "Peer to Peer (SSL/TLS)" mode: one server (Main Office) and seven clients (branches).

Everything works fine; all devices on a local LAN reach the devices on the other local LANs, and VoIP, DNS and the intranet are OK.

Well, I decided that all pfSense hosts should do their administrative login against the LDAP server located in the main office. But no success.

The pfSense host of a branch office does not connect to services located on the LAN of the main office.

I cannot ping from the branch pfSense to the main office services, but if the OpenVPN service is restarted on the branch, ping begins to work and then stops after 5 or 10 minutes.

I found that if I select "Source address" LAN, ping always works.

This is my scenario:

Main office
Site A: server with public IP and LAN = 192.168.0.0/24

Site B: dynamic IP and LAN = 192.168.101.0/24

Site C: dynamic IP and LAN = 192.168.102.0/24

Site D: dynamic IP and LAN = 192.168.104.0/24

Site E: dynamic IP and LAN = 192.168.105.0/24

I've already set up the site-to-site VPNs with success, where

This is the setup I have made so far:

OpenVPN Main Server Config: (VPN peer-to-peer SSL/TLS) with Sites B, C, D, E

      OpenVPN Server Config:

      Server Mode: Peer to Peer ( SSL/TLS )
      Protocol: UDP
      Device Mode: tun
      Interface: WAN
      Local port: 1194
      IPv4 Tunnel Network: 10.0.101.0/24
      IPv6 Tunnel Network: blank
      Redirect Gateway: blank
      IPv4 Local Network/s: 192.168.0.0/24
      IPv6 Local Network/s: blank
      IPv4 Remote Network/s: blank
      IPv6 Remote Network/s: blank
      Compression: enabled
      Type-of-Service: blank
      Duplicate Connections: blank
Certificate Depth: One (Client+Server)
      Inter-client communication: checked
      Topology: subnet

      Advanced configuration:
      Custom options

      route 192.168.101.0 255.255.255.0;
      route 192.168.102.0 255.255.255.0;
      route 192.168.103.0 255.255.255.0;
      route 192.168.104.0 255.255.255.0;
      route 192.168.105.0 255.255.255.0;

Client Specific Overrides (created 7, one for each site)

Common name: (matching the certificate name)
IPv4 Tunnel Network: 10.0.101.0/24
IPv4 Local Network/s: 192.168.101.0/24,192.168.102.0/24,192.168.103.0/24,192.168.104.0/24,192.168.105.0/24 (excluding the site's own LAN)
IPv6 Local Network/s: blank
IPv4 Remote Network/s: 192.168.101.0/24 (each site's own LAN)
      IPv6 Remote Network/s: blank
      Redirect Gateway: blank
      Advanced:  blank;

OpenVPN Client - branch office Config: (VPN peer-to-peer SSL/TLS) with the Main site

      OpenVPN Client Config:

      Server Mode: Peer to Peer ( SSL/TLS )
      Protocol: UDP
      Device Mode: tun
      Interface: WAN
      Local port: 1194
      IPv4 Tunnel Network: 10.0.101.0/24
      IPv6 Tunnel Network: blank
      Redirect Gateway: blank
      IPv4 Local Network/s: blank
      IPv6 Local Network/s: blank
      IPv4 Remote Network/s: blank
      IPv6 Remote Network/s: blank
      Compression: enabled
      Type-of-Service: blank
      Duplicate Connections: blank
      Disable IPv6: blank
Certificate Depth: One (Client+Server)
Advanced configuration: blank
      Topology: subnet

Now, this is my problem:

The pfSense client host doesn't connect to services in the main office unless told to use LAN as "Source address", and so I cannot configure the LDAP client service.

Again: a station on the LAN of the branch pfSense pings successfully a server located on the LAN of the main-office pfSense, but the branch pfSense itself cannot ping a server located on the LAN of the main-office pfSense.

Sample ping from a station: OK.

192.168.101.5 (client) ==> 192.168.101.1 (pfsense branch) <=====> tunnel OPENVPN <====> 192.168.0.2 (pfsense main)  =====> 192.168.0.10 (server) (PING OK both sides)

Sample ping problem from the pfSense host:

192.168.101.1 (pfsense branch) <=====> tunnel OPENVPN <====> 192.168.0.2 (pfsense main)  =====> 192.168.0.10 (server) (PING FAIL)

Firewall rules are OK.

Outbound NAT Mode: Automatic outbound NAT rule generation.

Thanks for any help.
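Added example, not part of the thread and not the poster's configuration: a small routing model of the symptom described in the post above (a LAN station reaches the main-office server, the branch pfSense host itself does not, and selecting the LAN address as "Source address" makes it work). The model assumes, and the thread does not confirm this, that the main-office server's default gateway is a separate LAN router with no VPN routes, and that the server has a return route for the branch LAN but none for the OpenVPN tunnel network 10.0.101.0/24. Host-originated traffic from the branch pfSense leaves with its tunnel address (10.0.101.2 in the model) as source, so the reply has to find its way back to the tunnel network. Node names, addresses and routing tables are all constructed; the "works for 5 or 10 minutes after a restart" behaviour is not modelled.

```python
"""Routing model of the branch-firewall-cannot-ping symptom.

Added example (not from the forum thread). Assumption: the main-office server
has a static route for the branch LAN via the VPN firewall but none for the
OpenVPN tunnel network, and its default gateway is a non-VPN LAN router.
All addresses and tables below are constructed for illustration."""
import copy
import ipaddress

# Routing table entry: (prefix, next_hop). next_hop None = directly connected.
NODES = {
    "station":    {"addrs": {"192.168.101.5"},
                   "routes": [("192.168.101.0/24", None),
                              ("0.0.0.0/0", "192.168.101.1")]},
    "branch-fw":  {"addrs": {"192.168.101.1", "10.0.101.2"},      # OpenVPN client
                   "routes": [("192.168.101.0/24", None),
                              ("10.0.101.0/24", None),
                              ("192.168.0.0/24", "10.0.101.1"),   # via tunnel
                              ("0.0.0.0/0", "203.0.113.1")]},
    "main-fw":    {"addrs": {"192.168.0.2", "10.0.101.1"},        # OpenVPN server
                   "routes": [("192.168.0.0/24", None),
                              ("10.0.101.0/24", None),
                              ("192.168.101.0/24", "10.0.101.2"), # iroute from CSO
                              ("0.0.0.0/0", "198.51.100.1")]},
    "lan-router": {"addrs": {"192.168.0.1"},                      # knows no VPN routes
                   "routes": [("192.168.0.0/24", None),
                              ("0.0.0.0/0", "198.51.100.9")]},
    "server":     {"addrs": {"192.168.0.10"},
                   "routes": [("192.168.0.0/24", None),
                              ("192.168.101.0/24", "192.168.0.2"), # branch LAN only
                              ("0.0.0.0/0", "192.168.0.1")]},
}

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def owner(nodes, addr):
    """Name of the node holding `addr` on an interface, or None if off-model."""
    return next((n for n, d in nodes.items() if addr in d["addrs"]), None)

def walk(nodes, start, dst, max_hops=8):
    """Follow next-hops from `start` toward `dst`. Returns (path, delivered);
    delivered is False when a hop has no route or hands the packet to a
    gateway outside the model (e.g. an ISP), which is where it is lost."""
    path, node = [start], start
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return path, True
        route = lookup(nodes[node]["routes"], dst)
        if route is None:
            return path, False
        nxt = owner(nodes, dst if route[1] is None else route[1])
        if nxt is None:
            return path, False
        path.append(nxt)
        node = nxt
    return path, False

def ping(nodes, src_node, src_addr, dst):
    """Echo request from src_node (sourced from src_addr) to dst, then the
    reply back to src_addr. Both directions must be delivered."""
    fwd, reached = walk(nodes, src_node, dst)
    if not reached:
        return False
    rev, back = walk(nodes, fwd[-1], src_addr)
    return back and rev[-1] == src_node

# Modelled remedy: give the server (or its LAN router) a route for the tunnel
# network that points at the VPN firewall.
NODES_FIXED = copy.deepcopy(NODES)
NODES_FIXED["server"]["routes"].insert(0, ("10.0.101.0/24", "192.168.0.2"))

if __name__ == "__main__":
    print("station -> server:", ping(NODES, "station", "192.168.101.5", "192.168.0.10"))
    print("fw (tunnel src) -> server:", ping(NODES, "branch-fw", "10.0.101.2", "192.168.0.10"))
    print("fw (LAN src) -> server:", ping(NODES, "branch-fw", "192.168.101.1", "192.168.0.10"))
    print("fw (tunnel src) -> server, with tunnel route:",
          ping(NODES_FIXED, "branch-fw", "10.0.101.2", "192.168.0.10"))
```

The model reproduces the two observations in the post: the station's ping succeeds, and the firewall's own ping succeeds only when sourced from the LAN address, because the reply to the tunnel address is handed to a gateway that never heard of 10.0.101.0/24. The second remedy it shows, a route for the tunnel network back to the VPN firewall, is the alternative to forcing the source address; whether that was the actual cause in this deployment is not established by the thread.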
maguiar:

Tired of tinkering with the production environment to find out the problem, and sometimes knocking down all the connections, I decided to build a lab of virtual machines/networks and followed this tutorial, creating an environment from scratch.

https://forum.pfsense.org/index.php?topic=144212.0

And I have achieved connectivity between all pfSense hosts, and also between the pfSense hosts and the servers located in the Main Office.

With this result I went into the production environment, created a new OpenVPN server on a different port and started to migrate the branches from the old configuration to the new one, successfully.

The above link is very practical and requires very little configuration on the clients, controlling almost everything in the server configuration.

Thanks to the friends who tried to help.

Now I can rest my head 8) 8) 8), because I have not thought of anything else for more than 7 days.
