VPN Site to Site problem after accessing remote.
-
Guys, I will try to explain it in the best way and I hope you guys can help me.
I have a Site to Site VPN (using IPsec) working perfectly. Let's call it Site A and Site B.
My problem is, when I'm at my home and I connect to Site A (Client to Site using OpenVPN), I join my A network without problems, but I cannot ping anything at Site B.
Any tips on what I can do?
-
You need to set the routing between B and the OpenVPN tunnel network in IPSec.
To do so you have to add a second phase 2 to the IPSec configuration.
-
Thanks for your help! I added a second phase but I cannot access Site B yet. I'm posting my confs:
My OpenVPN conf.
10.0.3.0/24 = My OpenVpn network
192.168.108.0/22 = My internal Network
172.16.0.0/16 = My Site B internal network (connected through IPsec site to site)
My IPsec conf
The first entry of the second phase is part of my VPN site to site, the second entry is the route I added trying to follow your tip.
Can you help?
Thanks.
-
Have you also added the second phase 2 on site B?
-
Still nothing =// Route added on site B. This is my conf file from the OpenVPN client:
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
remote 187.28.XX.XX 1198
route 192.168.108.0 255.255.252.0
ifconfig 172.25.1.2 172.25.1.1
keepalive 10 60
ping-timer-rem
secret fwr-udp-1198.secret.key
In my OpenVPN server, I set up the routes. Do I need to add something in my conf file?
-
Seems to be a very old pfSense version.
Don't know what client you're running. Doesn't it support pulling of routes, because you have stated the route for the LAN in the client config? If it doesn't support pulling routes, you also have to state the site B LAN here.
Also, maybe the route line in the client config will thwart the push routes command from the server. Look in the client log for details.
-
I am using the latest OpenVPN client for Windows. I made tests by adding the routes just on the client and another just on the server, I did not succeed. My version of pfSense is really old, V 2.2.6.
I configured the routes on the server:
persist-tun
persist-key
push "route 172.25.1.0 255.255.255.0";
push "route 172.16.0.0 255.255.0.0";
172.25…..my range on this tunnel
172.16....The range from lan of B site.
-
I presume the routes on the client are not added by pushing from the server.
Check the clients routing table.
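
Added example, not part of the thread or of pfSense/OpenVPN: a small Python check that walks the three places this thread says a packet from the road-warrior client to Site B can be dropped (client route, Site A phase 2, Site B phase 2). It assumes the tunnel network is 172.25.1.0/24 as in the last posted config, that pushed routes are only installed when the client config contains `client` or `pull`, and uses a constructed target host 172.16.0.10; the function names are hypothetical.

```python
import ipaddress as ip

def client_routes(conf_text):
    """Return (static routes, accepts_push) parsed from an OpenVPN client config."""
    routes, accepts_push = [], False
    for line in conf_text.splitlines():
        tok = line.split()
        if not tok or tok[0][0] in "#;":
            continue
        if tok[0] == "route" and len(tok) >= 2:
            mask = tok[2] if len(tok) >= 3 else "255.255.255.255"
            routes.append(ip.ip_network(f"{tok[1]}/{mask}"))
        elif tok[0] in ("client", "pull"):
            accepts_push = True  # assumption: pushed routes need pull mode
    return routes, accepts_push

def covered(phase2, src, dst):
    """True if one (local, remote) phase 2 pair contains both src and dst."""
    return any(src in ip.ip_network(l) and dst in ip.ip_network(r) for l, r in phase2)

def diagnose(conf_text, pushed, p2_site_a, p2_site_b, client_ip, target_ip):
    """List the hops that would drop traffic from the VPN client to the target."""
    src, dst = ip.ip_address(client_ip), ip.ip_address(target_ip)
    routes, accepts_push = client_routes(conf_text)
    if accepts_push:
        routes += [ip.ip_network(p) for p in pushed]
    problems = []
    if not any(dst in r for r in routes):
        problems.append("client: no route to target")
    if not covered(p2_site_a, src, dst):
        problems.append("site A: no phase 2 for tunnel net -> site B LAN")
    if not covered(p2_site_b, dst, src):
        problems.append("site B: no phase 2 for site B LAN -> tunnel net")
    return problems

# Constructed inputs based on the values posted in the thread.
CLIENT_CONF = """dev tun
proto udp
route 192.168.108.0 255.255.252.0
ifconfig 172.25.1.2 172.25.1.1
secret fwr-udp-1198.secret.key
"""
PUSHED = ["172.25.1.0/24", "172.16.0.0/16"]
P2_A = [("192.168.108.0/22", "172.16.0.0/16"), ("172.25.1.0/24", "172.16.0.0/16")]
P2_B = [("172.16.0.0/16", "192.168.108.0/22"), ("172.16.0.0/16", "172.25.1.0/24")]

if __name__ == "__main__":
    for p in diagnose(CLIENT_CONF, PUSHED, P2_A, P2_B, "172.25.1.2", "172.16.0.10"):
        print(p)
```

With the posted client config the only finding is the missing client route, which matches the last reply; the phase 2 checks fail only when the second entry is absent on either side.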