Connectivity between OVPN Client and Peer-to-Peer networks



  • I have successfully created connections between 4 remote offices (see attached for details). My general settings for each server are:
    Server mode: Peer to Peer (Shared key)
    Protocol: UDP on IPv4 only
    Device mode: TUN
    IPv4 Tunnel Network: 10.X.Y.0/24 (X - Server# , Y - Client#)
    IPv4 Remote network(s): SiteY LAN

    Traffic runs from any LAN to any LAN.

    BUT when I'm connecting as an external OVPN Client to one of the servers I can reach only the LAN of the server I'm connected to, but not the other sites' LANs.
    My general settings for External connections:
    Server mode: Remote Access (SSL/TLS + User Auth)
    Protocol: UDP IPv4 and IPv6 on all interfaces (multihome) - this was set by default
    Device mode: TAP (also tried TUN)
    IPv4 Tunnel Network: 10.X.5.0/24 (X - Server#) - I'm using "5" for all external clients on all servers
    IPv4 Local network(s): ServerX LAN

    How can I get it to work so the external client can reach the other remote networks?

    ![4 Site connection with pfSense and openVPN (1).png](/public/imported_attachments/1/4 Site connection with pfSense and openVPN (1).png)



  • I have the same issue. (Sorry about my poor English!!)

    I have four pfSense servers and one FortiNet firewall, using IPsec site-to-site VPNs between them.
    It runs fine so far (every site can use the other sites' resources).

    But when I set up an OpenVPN server 192.168.253.1/24
    and connect to the OpenVPN server (site D) using my NB,
    it gets IP address 192.168.253.2
    and can ping 192.168.3.254/24,

    but just can't ping 192.168.0.10/24 or any server.

    I added a static route for 192.168.253.0/24 to WAN.
    What else am I missing?

    ===

    My problem has been solved.
    https://forum.pfsense.org/index.php?topic=117344.0



  • Netgate

    How can I get it to work so the external client can reach the other remote networks?

    The external client probably has no problem reaching the remote sites. What is probably missing is a route back for that remote access tunnel network.

    Site 2, Site 3, and Site 4 all need a Remote Network entry for 10.2.5.0/24 on the connection back to Site 1.



  • This thread solved my issue - https://forum.pfsense.org/index.php?topic=147108.0

    Added remote site's LANs into Access server's config.

    Works fine!

    Thanks!
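The two fixes in this thread (Netgate's reply: a Remote Network entry for the remote-access tunnel on each site-to-site connection back to the access server's site; the last post: the remote sites' LANs listed in the access server's config so they are pushed to the client) are the two halves of one routing problem. The following routing-table model is an added example, not code from the forum thread, from Netgate or from pfSense. It assumes a constructed hub-and-spoke layout: Site 1 hosts the remote-access server with the 10.2.5.0/24 tunnel named in the reply, site-to-site tunnels are 10.1.N.0/24 and LANs are 192.168.N.0/24. Each forwarding decision is a longest-prefix match, with anything unmatched leaving on WAN, and `round_trip` reports separately whether the client's packet arrives and whether the reply gets back:

```python
"""Routing-table model of the thread's four-site OpenVPN layout (constructed example).

Two independent gaps can make an external (remote-access) client unable to
reach the other sites, and this model reproduces both:
  1. the access server does not push the remote sites' LANs to the client
     (pfSense "IPv4 Local network(s)"), so the client never sends the packet
     into the tunnel;
  2. the spoke sites have no route back to the remote-access tunnel network
     (pfSense "IPv4 Remote network(s)" on the site-to-site tunnel), so the
     reply leaves on the spoke's WAN and is lost.
Addresses and the hub-and-spoke topology are assumptions made for this example.
"""
import ipaddress

HUB = 1                                   # site hosting the remote-access server
SPOKES = (2, 3, 4)
LAN = {n: ipaddress.ip_network(f"192.168.{n}.0/24") for n in (HUB, *SPOKES)}
S2S = {n: ipaddress.ip_network(f"10.1.{n}.0/24") for n in SPOKES}   # hub<->spoke tunnels
RA_TUNNEL = ipaddress.ip_network("10.2.5.0/24")   # remote-access tunnel named in the reply
CLIENT_IP = "10.2.5.6"                            # constructed client address


def build_tables(push_remote_lans=False, return_routes=False):
    """Return {site: [(prefix, next_hop), ...]} for the hub, the spokes and the client.

    next_hop values: "lan" (directly attached), "ovpn-to-N" (site-to-site
    tunnel toward site N), "ra-server" (hub delivers to the remote-access
    client), "ra-tunnel" (client sends into its remote-access tunnel).
    Anything with no matching prefix falls through to "wan".
    """
    tables = {}
    hub = [(LAN[HUB], "lan"), (RA_TUNNEL, "ra-server")]
    for n in SPOKES:
        hub += [(S2S[n], f"ovpn-to-{n}"), (LAN[n], f"ovpn-to-{n}")]
    tables[HUB] = hub
    for n in SPOKES:
        spoke = [(LAN[n], "lan"), (S2S[n], f"ovpn-to-{HUB}")]
        spoke += [(LAN[m], f"ovpn-to-{HUB}") for m in LAN if m != n]
        if return_routes:
            # the fix from the reply: a Remote Network entry for the RA tunnel network
            spoke.append((RA_TUNNEL, f"ovpn-to-{HUB}"))
        tables[n] = spoke
    client = [(LAN[HUB], "ra-tunnel")]
    if push_remote_lans:
        # the fix from the last post: remote LANs listed on the access server and pushed
        client += [(LAN[n], "ra-tunnel") for n in SPOKES]
    tables["client"] = client
    return tables


def lookup(table, addr):
    """Longest-prefix match; no match means the packet leaves via WAN."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, next_hop in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best[1] if best else "wan"


def trace(tables, site, dst, max_hops=8):
    """Follow a packet for dst hop by hop; returns (hops, outcome)."""
    hops = []
    for _ in range(max_hops):
        next_hop = lookup(tables[site], dst)
        hops.append((site, next_hop))
        if next_hop in ("lan", "ra-server"):
            return hops, "delivered"
        if next_hop == "wan":
            return hops, "dropped"      # private destination with no tunnel route
        site = HUB if next_hop == "ra-tunnel" else int(next_hop.rsplit("-", 1)[1])
    return hops, "loop"


def round_trip(tables, client_ip, dst):
    """Outcome of the client's packet, then of the reply from the destination site."""
    fwd_hops, fwd = trace(tables, "client", dst)
    if fwd != "delivered":
        return fwd, "not-sent"
    _, back = trace(tables, fwd_hops[-1][0], client_ip)
    return fwd, back


def missing_return_routes(tables):
    """Spokes that would send traffic for the RA tunnel network out their WAN."""
    probe = str(RA_TUNNEL[1])
    return [n for n in SPOKES if lookup(tables[n], probe) == "wan"]


if __name__ == "__main__":
    for push, back in ((False, False), (True, False), (True, True)):
        t = build_tables(push_remote_lans=push, return_routes=back)
        print(f"push={push} return_routes={back}: "
              f"{round_trip(t, CLIENT_IP, '192.168.2.10')}, "
              f"missing return routes at {missing_return_routes(t)}")
```

With neither fix the client's packet for a spoke LAN never enters the tunnel; with only the pushed routes it reaches the spoke but the reply is lost on that spoke's WAN, which is exactly the symptom in the reply ("probably missing is a route back"). `missing_return_routes` is the check to run mentally against each spoke's site-to-site tunnel configuration before blaming the access server.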



© Copyright 2002 - 2018 Rubicon Communications, LLC