Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration

  • Greetings,
    I need your help with my configuration:

    On one pfSense box I have the following OpenVPN configurations:

    As a server for Road Warriors
    Dynamic IP: yes
    Address pool:
    Local network:
    Client-to-client VPN: yes
    Cryptography: BF-CBC (128-bit)
    Authentication method: PKI
    CA cert
    Server cert
    Server key
    DH parameters
    LZO compression: yes

    As server for Site-To-Site OpenVPN
    Address pool:
    Remote network:
    Cryptography: BF-CBC (128-bit)
    Authentication method: Shared key
    Shared key cert
    LZO compression: yes

    My routing issue is:
    From Site 1 I can reach hosts on Site 2 and vice versa.
    From Road Warrior I can reach hosts on Site 1.
    I want to be able to reach hosts in Site 2 from Road Warrior.
    (for Sites references look at the attachment)

    The other issue is related to configuring pfSense as OpenVPN client
    This is my configuration for client machine that I want to make in pfSense
    dev tun
    proto udp
    remote a.b.c.d 1234
    ca ca.crt
    cert user.crt
    key user.key
    dh dh1024.pem
    tls-auth shared.key

    The only option that is missing in the gui is DH, is there a way to add this additional option?
    ![networking problem.jpg](/public/imported_attachments/1/networking problem.jpg)
    ![networking problem.jpg_thumb](/public/imported_attachments/1/networking problem.jpg_thumb)

  • Rebel Alliance Developer Netgate

    The client doesn't need dh parameters.

    As for the other problem, on the road warrior server config, in the custom options, put:

    push route;

    And then on the site2 client for site-to-site, in the custom options, put:


    The first part should tell the clients that they can reach site2 via the OpenVPN connection. The second part will tell site2 how to route back to the OpenVPN road warrior subnet.

Log in to reply