Netgate Discussion Forum

    Hi Franklookyou need your help to configure OVPN

      GARED2006

      Hi Franklookyou, I need your help. What I am trying to reach is to make 5 sites see each other with your configuration. I have a test environment where I have already configured 3 pfSense, and with your excellent tutorial I already made site A see site B and C, but I can't make site C connect and see site B. Here is the server configuration I have. What is left is 192.168.50.0/24 (B), which I need to get connected and reach segment 192.168.40.0/24 (C) on both sides.

      writepid /var/run/openvpn_server3.pid
      #user nobody
      #group nobody
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      dev tun
      proto udp
      cipher BF-CBC
      up /etc/rc.filter_configure
      down /etc/rc.filter_configure
      client-to-client
      server 10.8.0.0 255.255.255.0
      client-config-dir /var/etc/openvpn_csc
      lport 1198
      push "dhcp-option DISABLE-NBT"
      ca /var/etc/openvpn_server3.ca
      cert /var/etc/openvpn_server3.cert
      key /var/etc/openvpn_server3.key
      dh /var/etc/openvpn_server3.dh
      comp-lzo
      persist-remote-ip
      float
      route 192.168.50.0 255.255.255.0
      route 192.168.40.0 255.255.255.0
      push "route 192.168.60.0 255.255.255.0"

      Thanks in advance.

      Regards.

        franklookyou

        So, the hub can see everything, the spokes can see the hub, but the spokes can't see each other.

        I'm pretty sure that this can be corrected … but I've never actually done it.  It wasn't necessary for our setup, and I don't have anything as nice as the howto to help you with.

        You'll certainly need to add some additional "custom options" to the client-specific configuration for the spokes -- for C, routing B traffic back to the hub.  If I understand OVPN correctly, doing so will require both a route and iroute statement (see http://openvpn.net/index.php/documentation/howto.html / Including multiple machines on the client side …) for an overview.

        That may not be all that's required, though.  When I tried to set that up (months ago, and I only played with it for a few hours), I didn't make much progress.

        I've been vaguely interested in seeing this work for a while now – I'm happy to help you out here.  But for the short term, I don't really have enough spare machines to set up this kind of network, so I'm not going to have all the answers.

        -ffh->

        An interesting tidbit: you'll find that the B and C routers have been given addresses on your 10.8 network.  If you have "Client-to-client VPN" checked on the home router, you'll find that B and C can ping each other using their 10.8 addresses.

          GARED2006

          Thanks again Franklookyou, I did it. I added a custom option in client B, route 192.168.40.0 255.255.255.255.0, and in client C, route 192.168.50.0 255.255.255.0, and it works. Right now I can see all segments from everywhere.

            franklookyou

            Great!  I'll be sure to add that fact next time I update the howto.

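The routing pieces discussed in this thread, as an added example that is not part of the posts or the howto: a Python check that a spoke-to-spoke path through the hub has a hub `route`, a client-specific `iroute`, and a `route` on the other spoke (local or pushed). The common names `siteB`/`siteC`, the CCD contents and the function names are assumptions; the server lines are copied from the first post.

```python
import ipaddress
import re

# route / iroute / push "route ..." lines with a network and dotted netmask.
DIRECTIVE = re.compile(r'^\s*(push\s+")?(route|iroute)\s+(\S+)\s+([^\s"]+)"?\s*$')

# Server lines copied from the first post; everything else is constructed.
SERVER = """client-to-client
route 192.168.50.0 255.255.255.0
route 192.168.40.0 255.255.255.0
push "route 192.168.60.0 255.255.255.0"
"""
CCD = {"siteB": "iroute 192.168.50.0 255.255.255.0",   # assumed CCD files
       "siteC": "iroute 192.168.40.0 255.255.255.0"}
LANS = {"siteB": "192.168.50.0/24", "siteC": "192.168.40.0/24"}

def parse_nets(conf):
    """Return ({kind: networks}, errors); kind is route, iroute or push."""
    nets, errors = {"route": set(), "iroute": set(), "push": set()}, []
    for line in conf.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind = "push" if m.group(1) else m.group(2)
        try:
            nets[kind].add(ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}"))
        except ValueError:  # e.g. a netmask with the wrong number of octets
            errors.append(f"bad network in: {line.strip()}")
    return nets, errors

def missing_paths(server_conf, ccd, client_opts, lans):
    """List what still blocks each spoke LAN from reaching the others."""
    server, problems = parse_nets(server_conf)
    for dst, lan in lans.items():
        dst_net = ipaddress.ip_network(lan)
        owner, errs = parse_nets(ccd.get(dst, ""))
        problems += [f"hub CCD {dst}: {e}" for e in errs]
        if dst_net not in server["route"]:
            problems.append(f"hub: no route for {dst} LAN {dst_net}")
        if dst_net not in owner["iroute"]:
            problems.append(f"hub CCD {dst}: no iroute for {dst_net}")
        for src in (s for s in lans if s != dst):
            client, errs = parse_nets(client_opts.get(src, ""))
            problems += [f"{src}: {e}" for e in errs]
            if dst_net not in client["route"] | server["push"]:
                problems.append(f"{src}: no route to {dst} LAN {dst_net}")
    return list(dict.fromkeys(problems))  # drop duplicates, keep order

if __name__ == "__main__":
    print(missing_paths(SERVER, CCD, {}, LANS))
```

Passing each spoke's custom options as the third argument shows whether the gap is closed; `route` lines that carry a gateway or metric are skipped by this parser.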