Netgate Discussion Forum

    OpenVPN Site to Site Routing

    • tehmischi

      Hi there,

      I'm basically trying to set up two site to site VPNs to the main network. I think it's probably a routing problem, but I have tried working it out for a few hours now and I'm not making any progress.

      I have the following setup:

      main network (192.168.190.0/24)
      site 1 (192.168.1.0/24)
      site 2 (192.168.2.0/24)

      It basically looks like this.

      client1                                                                                                 client3
        |                                                                                                       |
      pfsense (site1) -> tunnel (10.0.7.0/24) -> pfsense (main) <- tunnel (10.0.6.0/24) <- gateway (site2) <- pfsense (site2)
        |                                                                                                       |
      client2                                                                                                 client4

      I've set up two shared key site to site VPNs on the main pfsense and can connect to both of those with both sites respectively.

      Everything works as expected on site1; clients 1 and 2 can access the main network.

      However, on site2 the clients can't access the main network. I can ping the main network from the pfsense box on site2, but the clients can't. The setup is exactly the same as on site1 (except the different tunnel network and remote network on the VPN server, obviously).
      I assume this is some issue with routing and having another gateway in between the tunnel and the pfsense, as this is the only difference between the sites?

      I would really appreciate it if someone could help me out here or point me in the right direction.

      • viragomann

        @tehmischi:

        I assume this is some issue with routing and having another gateway in between the tunnel and the pfsense as this is the only difference between the sites?

        Another default gateway as the vpn endpoint. (Why?)

        If the setup should stay like this, you can get it to work by adding a static route for the main office network to the site 2 clients.

        • Derelict LAYER 8 Netgate

          One of the nice things about OpenVPN is that clients can be behind other routers with generally no problems.

          If the tunnel is coming up and the site2 pfSense has a route for 192.168.190.0/24 into the ovpncX interface, then that is configured correctly.

          If that is the case I would check the firewall rules for OpenVPN at main to be sure they pass the traffic.

          If they do I would check the firewalls on the main hosts themselves to be sure they are not blocking the traffic.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
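
The routing decision discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup over the site 2 pfSense table and a site 2 client table, before and after the static route viragomann suggests. It assumes the clients use the other gateway as their default route; the host addresses 192.168.2.1, 192.168.2.254 and 192.168.190.10 are constructed, and `ovpncX` is the placeholder interface name from Derelict's post.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def with_static_route(routes, prefix, hop):
    """Return a copy of the table with one static route added."""
    return routes + [(prefix, hop)]

# Constructed sample values (assumptions, not from the thread).
SITE2_GATEWAY = "192.168.2.1"    # router the site 2 clients use as default gateway
SITE2_PFSENSE = "192.168.2.254"  # site 2 pfSense, the OpenVPN endpoint
MAIN_NET = "192.168.190.0/24"    # main network, from the thread
MAIN_HOST = "192.168.190.10"     # constructed host in the main network

# Site 2 client: only a connected route and a default route.
client_routes = [("192.168.2.0/24", "on-link"), ("0.0.0.0/0", SITE2_GATEWAY)]

# Site 2 pfSense: the main network is routed into the tunnel interface.
pfsense_routes = [
    ("192.168.2.0/24", "on-link"),
    ("10.0.6.0/24", "ovpncX"),
    (MAIN_NET, "ovpncX"),
    ("0.0.0.0/0", SITE2_GATEWAY),
]

# Client table after adding the static route for the main network via pfSense.
fixed_client_routes = with_static_route(client_routes, MAIN_NET, SITE2_PFSENSE)

if __name__ == "__main__":
    for label, table in [("pfSense (site2)", pfsense_routes),
                         ("client, as described", client_routes),
                         ("client, static route added", fixed_client_routes)]:
        print(f"{label:28} {MAIN_HOST} -> {next_hop(table, MAIN_HOST)}")
```

The pfSense box resolves the main network to the tunnel, which matches the working ping from it, while the unmodified client table sends the same destination to the other gateway.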
