Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration

darko-san

Greetings,
I need your help with my configuration:

On one pfSense box I have the following OpenVPN configurations:

As a server for Road Warriors
Dynamic IP: yes
Address pool: 10.0.0.0/24
Local network: 192.168.1.0/24
Client-to-client VPN: yes
Cryptography: BF-CBC (128-bit)
Authentication method: PKI
CA cert
Server cert
Server key
DH parameters
TLS
LZO compression: yes

As server for Site-To-Site OpenVPN
Address pool: 10.10.10.1/24
Remote network: 192.168.2.0/24
Cryptography: BF-CBC (128-bit)
Authentication method: Shared key
Shared key cert
LZO compression: yes

My routing issue is:
From Site 1 I can reach hosts on Site 2 and vice versa.
From Road Warrior I can reach hosts on Site 1.
I want to be able to reach hosts in Site 2 from Road Warrior.
(for Sites references look at the attachment)

The other issue is related to configuring pfSense as OpenVPN client
This is my configuration for client machine that I want to make in pfSense
Client
dev tun
proto udp
remote a.b.c.d 1234
nobind
ca ca.crt
cert user.crt
key user.key
dh dh1024.pem
tls-auth shared.key
comp-lzo

The only option that is missing in the gui is DH, is there a way to add this additional option?

jimp

The client doesn't need dh parameters.

As for the other problem, on the road warrior server config, in the custom options, put:

push route 192.168.2.0 255.255.255.0;

And then on the site2 client for site-to-site, in the custom options, put:

route 10.0.0.0 255.255.255.0;

The first part should tell the clients that they can reach site2 via the OpenVPN connection. The second part will tell site2 how to route back to the OpenVPN road warrior subnet.