Hi Franklookyou need your help to configure OVPN
-
Hi Franklookyou, I need your help. What I am trying to achieve is to make 5 sites see each other with your configuration. I have a test environment where I have already configured 3 pfSense, and with your excellent tutorial I have already made site A see sites B and C, but I can't make site C connect and see site B. Here is the server configuration I have; what is left is that 192.168.50.0/24 (B) needs to get connected and reach segment 192.168.40.0/24 (C) on both sides.
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
client-to-client
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
lport 1198
push "dhcp-option DISABLE-NBT"
ca /var/etc/openvpn_server3.ca
cert /var/etc/openvpn_server3.cert
key /var/etc/openvpn_server3.key
dh /var/etc/openvpn_server3.dh
comp-lzo
persist-remote-ip
float
route 192.168.50.0 255.255.255.0
route 192.168.40.0 255.255.255.0
push "route 192.168.60.0 255.255.255.0"
thanks in advance
Regards.
-
So, the hub can see everything, the spokes can see the hub, but the spokes can't see each other.
I'm pretty sure that this can be corrected … but I've never actually done it. It wasn't necessary for our setup, and I don't have anything as nice as the howto to help you with.
You'll certainly need to add some additional "custom options" to the client-specific configuration for the spokes -- for C, routing B traffic back to the hub. If I understand OVPN correctly, doing so will require both a route and iroute statement (see http://openvpn.net/index.php/documentation/howto.html / Including multiple machines on the client side …) for an overview.
That may not be all that's required, though. When I tried to set that up (months ago, and I only played with it for a few hours), I didn't make much progress.
I've been vaguely interested in seeing this work for a while now – I'm happy to help you out here. But for the short term, I don't really have enough spare machines to set up this kind of network, so I'm not going to have all the answers.
-ffh->
An interesting tidbit: you'll find that the B and C routers have been given addresses on your 10.8 network. If you have "Client-to-client VPN" checked on the home router, you'll find that B and C can ping each other using their 10.8 addresses.
-
Thanks again Franklookyou, I did it. I added a custom option in client B, route 192.168.40.0 255.255.255.255.0, and in client C, route 192.168.50.0 255.255.255.0, and it works. Right now I can see all segments from everywhere.
-
Great! I'll be sure to add that fact next time I update the howto.
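The fix reached in this thread can be checked mechanically. The script below is an added example, not part of the original posts: it audits a hub-and-spoke setup for a server `route` with no matching `iroute` and for spokes that have no route to another spoke's LAN. The common names `siteB` and `siteC` and the contents of the client-config-dir files are assumptions made for illustration; the server lines are the routing lines from the configuration posted above.

```python
from ipaddress import ip_network

def nets(text, keyword, pushed=False):
    """Networks named by '<keyword> <net> <mask>' lines (or push "<keyword> ..." if pushed)."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        is_push = line.startswith("push ")
        if is_push:
            line = line[5:].strip().strip('"')
        parts = line.split()
        if is_push == pushed and len(parts) == 3 and parts[0] == keyword:
            try:
                found.add(ip_network(f"{parts[1]}/{parts[2]}"))
            except ValueError:
                pass  # malformed address or mask: treated as if the line were absent
    return found

def audit(server_conf, ccd, client_conf):
    """ccd and client_conf map a client common name to that file's text."""
    findings = []
    owner = {n: cn for cn, text in ccd.items() for n in nets(text, "iroute")}
    for n in sorted(nets(server_conf, "route") - set(owner)):
        findings.append(f"server routes {n} but no client-config-dir file has a matching iroute")
    hub_pushed = nets(server_conf, "route", pushed=True)
    for cn in sorted(client_conf):
        # A spoke learns routes from hub-wide pushes, its own config, or pushes in its CCD file.
        reachable = (hub_pushed | nets(client_conf[cn], "route")
                     | nets(ccd.get(cn, ""), "route", pushed=True))
        for n, other in sorted(owner.items()):
            if other != cn and n not in reachable:
                findings.append(f"{cn} has no route to {n} (LAN behind {other})")
    return findings

# Routing lines taken from the server configuration posted in the thread.
SERVER = """client-to-client
route 192.168.50.0 255.255.255.0
route 192.168.40.0 255.255.255.0
push "route 192.168.60.0 255.255.255.0"
"""
# Constructed sample data: hypothetical common names and CCD file contents.
CCD = {"siteB": "iroute 192.168.50.0 255.255.255.0",
       "siteC": "iroute 192.168.40.0 255.255.255.0"}
BEFORE = {"siteB": "", "siteC": ""}                      # spokes without custom options
AFTER = {"siteB": "route 192.168.40.0 255.255.255.0",    # custom options as in the fix
         "siteC": "route 192.168.50.0 255.255.255.0"}

if __name__ == "__main__":
    for label, clients in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(SERVER, CCD, clients) or "all spoke LANs routed")
```

With `client-to-client` set, OpenVPN forwards spoke-to-spoke packets inside the server process, so firewall rules on the hub's tunnel interface do not see that traffic.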