Netgate Discussion Forum

    Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration

darko-san:

      Greetings,
      I need your help with my configuration:

      On one pfSense box I have the following OpenVPN configurations:

      As a server for Road Warriors
      Dynamic IP: yes
      Address pool: 10.0.0.0/24
      Local network: 192.168.1.0/24
      Client-to-client VPN: yes
      Cryptography: BF-CBC (128-bit)
      Authentication method: PKI
      CA cert
      Server cert
      Server key
      DH parameters
      TLS
      LZO compression: yes

As a server for Site-To-Site OpenVPN
      Address pool: 10.10.10.1/24
      Remote network: 192.168.2.0/24
      Cryptography: BF-CBC (128-bit)
      Authentication method: Shared key
      Shared key cert
      LZO compression: yes

      My routing issue is:
      From Site 1 I can reach hosts on Site 2 and vice versa.
      From Road Warrior I can reach hosts on Site 1.
      I want to be able to reach hosts in Site 2 from Road Warrior.
(for the site references, see the attachment)

The other issue is related to configuring pfSense as an OpenVPN client.
This is my configuration for the client machine that I want to recreate in pfSense:

```
client
dev tun
proto udp
remote a.b.c.d 1234
nobind
ca ca.crt
cert user.crt
key user.key
dh dh1024.pem        # dh is a server-side directive; a client does not use it
tls-auth shared.key
comp-lzo
```
The only option that is missing in the GUI is DH; is there a way to add this additional option?
      ![networking problem.jpg](/public/imported_attachments/1/networking problem.jpg)

jimp (Rebel Alliance Developer, Netgate):

        The client doesn't need dh parameters.

        As for the other problem, on the road warrior server config, in the custom options, put:

```
push "route 192.168.2.0 255.255.255.0";
```

        And then on the site2 client for site-to-site, in the custom options, put:

```
route 10.0.0.0 255.255.255.0;
```

        The first part should tell the clients that they can reach site2 via the OpenVPN connection. The second part will tell site2 how to route back to the OpenVPN road warrior subnet.

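To show why both custom options are needed and not just the push, here is an added Python model of the three routing tables (example code written for this thread, not pfSense or OpenVPN code, with constructed addresses and hop names that are assumptions). It traces a packet from the road warrior to a site 2 host and the reply back, before and after the two custom options from the answer; with only the push applied, the forward path works but the reply is lost at site 2.

```python
import ipaddress

# Constructed model of the thread's topology (addresses and node names are assumptions):
# a road-warrior client from the 10.0.0.0/24 pool, pfSense at site 1 running both OpenVPN
# servers, pfSense at site 2 as the site-to-site peer, and one host on the site 2 LAN.
ROAD_WARRIOR = "10.0.0.2"
SITE2_HOST = "192.168.2.20"

# Routing tables: (prefix, next hop). "local" delivers; "default" stands for the internet
# gateway, which cannot reach private addresses, so the packet is treated as lost.
TABLES = {
    "roadwarrior": [("10.0.0.0/24", "local"), ("192.168.1.0/24", "site1"), ("0.0.0.0/0", "default")],
    "site1": [("192.168.1.0/24", "local"), ("10.0.0.0/24", "roadwarrior"),
              ("10.10.10.0/24", "site2"), ("192.168.2.0/24", "site2"), ("0.0.0.0/0", "default")],
    "site2": [("192.168.2.0/24", "lan2host"), ("10.10.10.0/24", "site1"),
              ("192.168.1.0/24", "site1"), ("0.0.0.0/0", "default")],
    "lan2host": [("192.168.2.0/24", "local"), ("0.0.0.0/0", "site2")],
}

def best_route(table, dst):
    """Longest-prefix match, as a kernel routing table does it."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Follow a packet hop by hop; the last element is DELIVERED or DROPPED."""
    path, node = [src], src
    for _ in range(max_hops):
        nh = best_route(tables[node], dst)
        if nh in (None, "default"):
            return path + ["DROPPED"]
        if nh == "local":
            return path + ["DELIVERED"]
        node = nh
        path.append(node)
    return path + ["DROPPED"]

def apply_fix(tables):
    """Model the answer's two custom options: the push gives the road-warrior client a route to
    192.168.2.0/24 via the tunnel; the route on site 2 sends the 10.0.0.0/24 pool back via site 1."""
    fixed = {name: list(entries) for name, entries in tables.items()}
    fixed["roadwarrior"].append(("192.168.2.0/24", "site1"))   # push "route 192.168.2.0 255.255.255.0"
    fixed["site2"].append(("10.0.0.0/24", "site1"))            # route 10.0.0.0 255.255.255.0
    return fixed

def round_trip(tables):
    """Forward path from the road warrior to a site 2 host, and the reply path back."""
    return trace(tables, "roadwarrior", SITE2_HOST), trace(tables, "lan2host", ROAD_WARRIOR)
```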