OpenVPN Site-to-Site Configuration Example with SSL/TLS
-
Hello guys,
I'm sorry to bother you but I guess I might need help.
I'm working on a site-to-site configuration. I use the following setup:
Two pfSense 2.4 routers: one is the server, the other is a client.
I strictly followed every step of the guide at this link https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html (which is very well done).
I have two main problems / questions.
- I have a connection between the server and the client; I'm able to see the wanted route under Status --> OpenVPN --> Routing table. When I connect to the pfSense GUI on the server side and try to ping the pfSense on the client side, it doesn't work. But when I connect to the GUI on the client side and ping the pfSense server, it works.
So I'm only able to get a connection one way. As I understand it, I should be able to ping both the server pfSense and the client pfSense from one side or the other, right?
- Supposing the first question is OK/resolved, is it possible to connect remotely with OpenVPN (another instance/server) to this site-to-site VPN tunnel in order to get access?
If I'm correct, I should create a new remote-access OpenVPN server/instance with a different tunnel, then, via "IPv4 local networks", push a route to the LAN I would like to reach? But should I also push the tunnel of the site-to-site VPN? I'm a bit confused about this.
Your help would be much appreciated,
Yorik
-
@yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:
I have a connection between the server and the client, I'm able to see the route wanted under (status --> openvpn --> routing table).
On both sites?
@yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:
When I connect to the pfSense GUI on the server side and try to ping the pfSense on the client side, it doesn't work.
Did you add firewall rules on the client's OpenVPN interface to allow that?
@yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:
is it possible to remote connect with open vpn (another instance/server) to this site to site vpn tunnel in order to get access ?
No, a site-to-site setup is meant for only two sites.
You may set up a Multi-Purpose OpenVPN Instance instead of the server, but that is quite a bit more difficult to configure.
So you'd better go with a second server instance.
-
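The routing pieces behind the second question (a separate remote-access OpenVPN instance on the server-side pfSense whose road-warrior clients should reach the LAN behind the site-to-site client), written out as the OpenVPN directives that pfSense generates from the GUI fields named in the thread. This is an added example, not from the original posts or from the Netgate recipe; every address is an assumption: site A (server) LAN 10.10.0.0/24, site B (client) LAN 10.20.0.0/24, site-to-site tunnel 10.0.8.0/24, remote-access tunnel 10.0.9.0/24, and the site B certificate common name is assumed to be `siteB`.

```conf
# ---- Site A pfSense: site-to-site SERVER instance (Peer to Peer, SSL/TLS) ----
# GUI "IPv4 Tunnel Network" (assumed value)
server 10.0.8.0 255.255.255.0
# GUI "IPv4 Local networks": site A LAN AND the remote-access tunnel network,
# so that site B learns a return route towards the road-warrior clients
push "route 10.10.0.0 255.255.255.0"
push "route 10.0.9.0 255.255.255.0"
# GUI "IPv4 Remote networks": kernel route on site A pointing at the tunnel interface
route 10.20.0.0 255.255.255.0
# Client Specific Override for common name "siteB" (assumed), GUI "IPv4 Remote networks":
# tells the OpenVPN process which connected client owns 10.20.0.0/24 (needed in SSL/TLS mode)
#   iroute 10.20.0.0 255.255.255.0

# ---- Site B pfSense: site-to-site CLIENT instance ----
client
# GUI "Server host or address" / "Server port" (assumed value)
remote vpn-a.example.org 1194
# Routes to 10.10.0.0/24 and 10.0.9.0/24 arrive via the pushes above; nothing extra here.

# ---- Site A pfSense: separate remote-access SERVER instance (second instance) ----
# Must use its own tunnel network and its own port, distinct from the site-to-site instance
server 10.0.9.0 255.255.255.0
port 1195
# GUI "IPv4 Local networks": push both LANs; site A's kernel already forwards
# 10.20.0.0/24 into the site-to-site tunnel because of the "route" directive above
push "route 10.10.0.0 255.255.255.0"
push "route 10.20.0.0 255.255.255.0"
# Pushing the site-to-site tunnel network itself (10.0.8.0/24) is only needed if the
# road warrior must reach the tunnel endpoint addresses, not the LANs behind them.
```

With these in place the path is road warrior -> site A remote-access tun -> site A kernel -> site-to-site tun -> site B, and the reply follows the pushed 10.0.9.0/24 route back the same way. The firewall rules on the OpenVPN interface at both sites (or on the per-instance assigned interfaces, if those are used) still have to permit the traffic in both directions, which is the point raised about ICMP in the answer above.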
Dear viragomann,
Thank you a lot for your answer.
I just resolved my problem, a problem I created myself.
FYI, let me answer you:
Yes, I see the route on both sides and the firewall rules are OK.
Also, I'm not doing the site-to-site only but the multi-purpose instance (sorry):
The solution was (I'm ashamed): I did not realize that physically unplugging the interface deactivates said interface and makes it unreachable, even for an ICMP ping... I'm sorry for the inconvenience.
Thanks again,
Yorik