Netgate Discussion Forum

2nd connection not working

OpenVPN
17 Posts 4 Posters 1.4k Views
    McMurphy
    last edited by Mar 23, 2018, 12:18 AM

    OK, quick follow up…

    I now have a single server with two remote sites :)

    The tunnel network is 10.10.1.0/24

    My OpenVPN server is assigned 10.10.1.1 and I can ping it

    Both the remote sites are assigned 10.10.1.2

    I would have expected remote site 1 to be assigned 10.10.1.2 and remote site 2 to be assigned 10.10.1.3

      Derelict LAYER 8 Netgate
      last edited by Mar 23, 2018, 12:32 AM Mar 23, 2018, 12:23 AM

      Well is it an SSL/TLS Server with a larger tunnel network than /30?

      Attached something I started working on last night in your honor.

      ![Screen Shot 2018-03-22 at 5.31.57 PM.png](/public/imported_attachments/1/Screen Shot 2018-03-22 at 5.31.57 PM.png)

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

        McMurphy
        last edited by Mar 23, 2018, 12:50 AM

        In my honor… :)

        I appreciate your patience here as I am sure it will all make sense soon...

        I am using a shared key so my server and 2 clients all have the same key.

        So if /30 only allows 2 hosts then this is my problem: I have 3 hosts, server & 2 clients.
        https://www.aelius.com/njh/subnet_sheet.html

        This indicates to me that I cannot use shared key and need to use SSL/TLS so I can use a /29 subnet that allows 6 hosts

        I had understood from the following link that I can use shared-key for up to 6 site-to-site connections:
        "For more than 6 site to site connections, SSL/TLS (PKI) can be a better fit for ease of management"
        https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

        Bottom line is I need to drop shared-key and use SSL/TLS for my single server & 2 clients, is this correct?

          Derelict LAYER 8 Netgate
          last edited by Mar 23, 2018, 1:27 AM

          /29 is one server and 5 clients

          Shared key is one server and one client.

          You can do shared-key to multiple clients but each client requires a separate server process to connect to.

          That /29 comment there looks like an opinion as to where the admin burden breaks the other way toward one SSL/TLS server with CSOs and iroutes.

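The two posts above (the /30 vs /29 question and Derelict's answer that a shared-key tunnel carries one server and one client) can be checked with a small tunnel-network planner. This is an added example, not code from the thread or from pfSense/OpenVPN, and it makes two labelled assumptions: an SSL/TLS server uses a subnet topology in which the server takes the first usable address and clients receive the following addresses in order, and a shared-key (p2p) tunnel is a /30 holding exactly one server and one client, so each extra shared-key client needs its own server instance on its own /30. The function names (`usable_hosts`, `plan_ssl_tls`, `plan_shared_key`, `max_clients`) are this example's own.

```python
"""Tunnel-network planner for pfSense/OpenVPN site-to-site layouts.

Added example; assumptions (not stated by the thread):
  * SSL/TLS: subnet topology, server = first usable address,
    clients handed the following addresses sequentially.
  * Shared key: one /30 per tunnel, one server and one client per /30,
    so every additional shared-key client needs a separate server
    instance on a separate /30.
"""
import ipaddress


def usable_hosts(network: str) -> int:
    """Host addresses in a network, excluding network and broadcast."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen >= 31:
        return net.num_addresses  # /31 and /32 have no broadcast address
    return net.num_addresses - 2


def plan_ssl_tls(network: str, client_count: int) -> dict:
    """One SSL/TLS server on `network` serving `client_count` clients."""
    net = ipaddress.ip_network(network, strict=True)
    hosts = list(net.hosts())
    if client_count + 1 > len(hosts):
        raise ValueError(
            f"{network} holds {len(hosts)} hosts; need {client_count + 1}")
    return {
        "server": str(hosts[0]),
        "clients": [str(h) for h in hosts[1:client_count + 1]],
    }


def plan_shared_key(network: str, client_count: int) -> list:
    """Carve `network` into /30 p2p tunnels, one server instance per client."""
    net = ipaddress.ip_network(network, strict=True)
    if net.prefixlen > 30:
        raise ValueError("a shared-key tunnel needs at least a /30")
    p2p_nets = list(net.subnets(new_prefix=30))
    if client_count > len(p2p_nets):
        raise ValueError(
            f"{network} yields {len(p2p_nets)} /30 tunnels; need {client_count}")
    plan = []
    for i, p2p in enumerate(p2p_nets[:client_count], start=1):
        server_addr, client_addr = list(p2p.hosts())
        plan.append({
            "server_instance": i,
            "tunnel": str(p2p),
            "server": str(server_addr),
            "client": str(client_addr),
        })
    return plan


def max_clients(network: str, mode: str) -> int:
    """How many clients `network` can carry in the given mode."""
    net = ipaddress.ip_network(network, strict=True)
    if mode == "ssl/tls":
        return usable_hosts(network) - 1  # one address goes to the server
    if mode == "shared-key":
        if net.prefixlen > 30:
            return 0
        return len(list(net.subnets(new_prefix=30)))
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    # The thread's layout: 10.10.1.0/24, one server, two remote sites.
    print("SSL/TLS:", plan_ssl_tls("10.10.1.0/24", 2))
    for inst in plan_shared_key("10.10.1.0/24", 2):
        print("shared-key instance:", inst)
    print("/29 SSL/TLS max clients:", max_clients("10.10.1.0/29", "ssl/tls"))
```

Run as-is it shows the SSL/TLS plan McMurphy expected (server 10.10.1.1, clients 10.10.1.2 and 10.10.1.3) and, for shared key, that two clients mean two server instances on 10.10.1.0/30 and 10.10.1.4/30.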
            McMurphy
            last edited by Mar 27, 2018, 3:55 AM

            Thank you. I have reconfigured my two clients to use TLS/SSL and have two connections now.

            Experiencing another issue however, I will start a new thread for that.

              McMurphy
              last edited by Apr 3, 2018, 2:01 AM

              In the client log I see the following:

              ```
              Apr 3 11:55:45  openvpn  93927  do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
              Apr 3 11:55:45  openvpn  93927  /sbin/ifconfig ovpnc1 10.0.8.3 10.0.8.1 mtu 1500 netmask 255.255.255.0 up
              Apr 3 11:55:45  openvpn  93927  /sbin/route add -net 10.0.8.0 10.0.8.3 255.255.255.0
              Apr 3 11:55:45  openvpn  93927  /usr/local/sbin/ovpn-linkup ovpnc1 1500 1557 10.0.8.3 255.255.255.0 init
              Apr 3 11:55:46  openvpn  93927  /sbin/route add -net 192.168.1.0 10.0.8.1 255.255.255.0
              Apr 3 11:55:46  openvpn  93927  /sbin/route add -net 192.168.1.0 10.0.8.1 255.255.255.0
              Apr 3 11:55:46  openvpn  93927  ERROR: FreeBSD route add command failed: external program exited with error status: 1
              Apr 3 11:55:46  openvpn  93927  Initialization Sequence Completed
              ```

              Does this error indicate where the problem could be?

                Derelict LAYER 8 Netgate
                last edited by Apr 3, 2018, 2:05 AM

                There is already a route in the routing table for 192.168.1.0/24 so another route to the same network cannot be added.

                  McMurphy
                  last edited by Apr 3, 2018, 3:00 AM

                  Hi Derelict,

                  I am unsure of why there would be a duplicate. I have checked under "Diagnostic/Routes" and can only find:

                  ```
                  192.168.1.0/24 10.0.8.1 UGS 16 1500 ovpnc1
                  ```

                  Is there somewhere else I should be looking?

                    Derelict LAYER 8 Netgate
                    last edited by Apr 3, 2018, 4:57 AM

                    Are you configuring ovpnc1 there? Maybe there is another openvpn instance with that set as a remote or tunnel network.

                    Maybe there is a stray OpenVPN process running (unlikely but possible) that has that network set.

                    If the route is in the routing table before you start OpenVPN, it will be unable to add that route and you will get that error.

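The client log a few posts up shows the same `/sbin/route add -net 192.168.1.0 ...` command twice followed by the FreeBSD error, and Derelict's diagnosis is that a route to 192.168.1.0/24 already exists when OpenVPN tries to add it. The script below is an added example, not code from the thread, pfSense or OpenVPN: it parses pfSense-style OpenVPN client log lines, pairs each failed `route add` with the command it follows, flags routes that were attempted more than once in one startup, and cross-checks the failed destination against a Diagnostics/Routes-style table. The sample log and routing-table text are constructed from the lines quoted in the thread; the assumption that an `ERROR: ... route add command failed` line refers to the most recent `route add` command before it is this example's own.

```python
"""Find duplicate/failed route installs in an OpenVPN client log.

Added example. Input formats are the pfSense log and Diagnostics/Routes
lines quoted in the thread; the sample data below is constructed from them.
Assumption: an 'ERROR: ... route add command failed' line refers to the
most recent '/sbin/route add' command logged before it.
"""
import ipaddress
import re
from collections import Counter

ROUTE_ADD = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")
ROUTE_ERR = re.compile(r"ERROR: .*route add command failed")

# Constructed from the post's log excerpt.
SAMPLE_LOG = """\
Apr 3 11:55:45  openvpn  93927  /sbin/ifconfig ovpnc1 10.0.8.3 10.0.8.1 mtu 1500 netmask 255.255.255.0 up
Apr 3 11:55:45  openvpn  93927  /sbin/route add -net 10.0.8.0 10.0.8.3 255.255.255.0
Apr 3 11:55:46  openvpn  93927  /sbin/route add -net 192.168.1.0 10.0.8.1 255.255.255.0
Apr 3 11:55:46  openvpn  93927  /sbin/route add -net 192.168.1.0 10.0.8.1 255.255.255.0
Apr 3 11:55:46  openvpn  93927  ERROR: FreeBSD route add command failed: external program exited with error status: 1
Apr 3 11:55:46  openvpn  93927  Initialization Sequence Completed
"""

# Constructed from the Diagnostics/Routes line in the post.
SAMPLE_ROUTES = """\
192.168.1.0/24 10.0.8.1 UGS 16 1500 ovpnc1
"""


def netmask_to_prefix(mask: str) -> int:
    """Convert a dotted netmask (255.255.255.0) to a prefix length (24)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def analyze_log(log_text: str):
    """Return (attempted_routes, duplicated_routes, failed_route).

    Each route is a (destination_cidr, gateway) tuple; failed_route is the
    route add that immediately preceded the error, or None if no error.
    """
    attempts = []
    failed = None
    for line in log_text.splitlines():
        m = ROUTE_ADD.search(line)
        if m:
            net, gateway, mask = m.groups()
            attempts.append((f"{net}/{netmask_to_prefix(mask)}", gateway))
            continue
        if ROUTE_ERR.search(line) and attempts:
            failed = attempts[-1]  # assumption: error follows its command
    counts = Counter(attempts)
    duplicates = [route for route, n in counts.items() if n > 1]
    return attempts, duplicates, failed


def find_route(table_text: str, destination: str):
    """Look a destination up in Diagnostics/Routes-style output.

    Columns assumed: destination gateway flags use mtu interface.
    Returns {'gateway': ..., 'iface': ...} or None when absent.
    """
    want = ipaddress.ip_network(destination, strict=False)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            dest = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # skip headers or 'default'
        if dest == want:
            return {"gateway": fields[1], "iface": fields[-1]}
    return None


if __name__ == "__main__":
    attempts, dups, failed = analyze_log(SAMPLE_LOG)
    print("routes attempted:", attempts)
    print("attempted more than once:", dups)
    print("route add that failed:", failed)
    if failed:
        print("already in table as:", find_route(SAMPLE_ROUTES, failed[0]))
```

On the thread's data it reports that 192.168.1.0/24 via 10.0.8.1 was attempted twice, that the failure belongs to the second attempt, and that the routing table already holds exactly that route on ovpnc1, which is what Derelict describes: OpenVPN cannot add a route that is already present. The log alone does not say which configuration installed the route first, so the next step is to compare the client's remote-network setting against what the server pushes.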
                      McMurphy
                      last edited by Apr 6, 2018, 12:38 AM

                      Apologies for the delayed response. I had to walk away as this was doing my head in. It can't be this hard…

                      I have a VPN tunnel established between server and client1 (10.0.8.1 & 10.0.8.2)

                      Both server & client1 have openVPN fw rules allowing full access.

                      Server LAN can ping 10.0.8.1 & 10.0.8.2
                      Server pfSense can ping 10.0.8.1 & 10.0.8.2

                      Client1 LAN can only ping 10.0.8.2
                      Client1 pfSense can ping 10.0.8.1 & 10.0.8.2

                      Does this sound correct or does this indicate a problem?

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.