Hi Franklookyou, need your help to configure OVPN
Hi Franklookyou, I need your help. What I am trying to achieve is to make 5 sites see each other with your configuration. I have a test environment where I have already configured 3 pfSense boxes, and with your excellent tutorial I already made site A see sites B and C, but I can't make site C connect to and see site B. Here is the server configuration I have; what is left is that 192.168.50.0/24 (B) needs to get connected and reach segment 192.168.40.0/24 (C) on both sides.
keepalive 10 60
server 10.8.0.0 255.255.255.0
push "dhcp-option DISABLE-NBT"
route 192.168.50.0 255.255.255.0
route 192.168.40.0 255.255.255.0
push "route 192.168.60.0 255.255.255.0"
Thanks in advance.
So, the hub can see everything, the spokes can see the hub, but the spokes can't see each other.
I'm pretty sure that this can be corrected … but I've never actually done it. It wasn't necessary for our setup, and I don't have anything as nice as the howto to help you with.
You'll certainly need to add some additional "custom options" to the client-specific configuration for the spokes -- for C, routing B traffic back to the hub. If I understand OVPN correctly, doing so will require both a route and iroute statement (see http://openvpn.net/index.php/documentation/howto.html / Including multiple machines on the client side …) for an overview.
That may not be all that's required, though. When I tried to set that up (months ago, and I only played with it for a few hours), I didn't make much progress.
I've been vaguely interested in seeing this work for a while now – I'm happy to help you out here. But for the short term, I don't really have enough spare machines to set up this kind of network, so I'm not going to have all the answers.
An interesting tidbit: you'll find that the B and C routers have been given addresses on your 10.8 network. If you have "Client-to-client VPN" checked on the home router, you'll find that B and C can ping each other using their 10.8 addresses.
Thanks again Franklookyou, I did it. I added a custom option in client B, route 192.168.40.0 255.255.255.0, and in client C, route 192.168.50.0 255.255.255.0, and it works. Right now I can see all segments from everywhere.
Great! I'll be sure to add that fact next time I update the howto.
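The routing gap discussed in this thread can be checked mechanically. The following is an added example, not code from any poster: it parses the server options from the question and the client custom options from the fix, then lists site pairs that have no tunnel route to each other's LAN. It assumes 192.168.60.0/24 is hub A's LAN and models only `route` and `push "route"` lines; `iroute`, client-to-client and firewall rules are out of scope.

```python
import ipaddress

# Constructed inputs: the server options from the question, plus a LAN per
# site. Site names and 192.168.60.0/24 being A's LAN are assumptions.
SERVER_CONF = '''
keepalive 10 60
server 10.8.0.0 255.255.255.0
push "dhcp-option DISABLE-NBT"
route 192.168.50.0 255.255.255.0
route 192.168.40.0 255.255.255.0
push "route 192.168.60.0 255.255.255.0"
'''
LANS = {"A": "192.168.60.0/24", "B": "192.168.50.0/24", "C": "192.168.40.0/24"}

def routes(conf, pushed=False):
    """Return networks from `route` lines, or from `push "route ..."` lines."""
    nets = set()
    for line in conf.splitlines():
        words = line.replace('"', " ").split()
        if pushed and words[:1] == ["push"]:
            words = words[1:]
        elif pushed:
            continue
        if len(words) >= 3 and words[0] == "route":
            nets.add(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return nets

def missing_routes(server_conf, client_confs, hub="A"):
    """List (src, dst) site pairs where src has no tunnel route to dst's LAN."""
    table = {hub: routes(server_conf)}
    for site, conf in client_confs.items():
        # A spoke learns routes pushed by the server plus its own custom options.
        table[site] = routes(server_conf, pushed=True) | routes(conf)
    gaps = []
    for src in sorted(table):
        for dst, lan in sorted(LANS.items()):
            net = ipaddress.ip_network(lan)
            if src != dst and not any(net.subnet_of(r) for r in table[src]):
                gaps.append((src, dst))
    return gaps

BEFORE = {"B": "", "C": ""}  # spokes with no custom options
AFTER = {"B": "route 192.168.40.0 255.255.255.0",
         "C": "route 192.168.50.0 255.255.255.0"}

if __name__ == "__main__":
    print("before:", missing_routes(SERVER_CONF, BEFORE))
    print("after: ", missing_routes(SERVER_CONF, AFTER))
```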