Site-to-site openvpn errors, possible via client/server mode?
mxx last edited by
My pfsense box at home now connects to a remote pfsense configured as peer to peer (unchecked client-to-client as suggested in the thread by SpaceBass, thank you!).
I wanted to achieve that a server in a different subnet in my home network would be reachable by any host in the remote network.
It didn't work in client/server mode though (not even to ping my pfsense box from the remote pfsense itself), which did when doing that manually before (connecting via openvpn in client mode to a openvpn running in server mode in the remote network, iroute et.c.).
Why is that?
Another question: though it does work now, I get these warnings and errors in the OpenVPN log on my side:
Jul 2 13:08:16 openvpn: Initialization Sequence Completed
Jul 2 13:08:16 openvpn: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Jul 2 13:08:16 openvpn: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.10.2 10.0.10.1 init
Jul 2 13:08:16 openvpn: /sbin/ifconfig ovpnc1 10.0.10.2 10.0.10.1 mtu 1500 netmask 255.255.255.255 up
Jul 2 13:08:16 openvpn: do_ifconfig, tt->ipv6=0
Jul 2 13:08:16 openvpn: TUN/TAP device /dev/tun1 opened
Jul 2 13:08:14 openvpn: [pfsense.dap1.example.com] Peer Connection Initiated with [AF_INET] <remotewanip>:12002
Jul 2 13:08:14 openvpn: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.0.10.2 10.0.10.1'
Especially regarding the last entry (actually the first as it's reverse )
Does anyone know what's about that? Ifconfig is missing in local config? I explicitly specified the tunnel network on my client (=local config I suppose?), but the log entry is telling me that I didn't? Am I misinterpreting this message?
This warning is repeated in intervals in the openvpn log.
I'm wondering why I didn't get this setup to work using client/server though:
It did work only into one direction. My pfsense box could ping any host in the remote network, but the remote network, even remote-pfsense itself was unable to even ping my box at all (although I setup rules in my client and remote box to allow all openvpn traffic from any source to any).
I checked the routing table and I saw routes set up on the remote pfsense to my openvpn ip. But again.. it didn't work till I configured the server and "client" in a peer-to-peer mode.
I'm also curious as to how I should set all that up in order to also being able to reach other OpenVPN Clients. Would I need a seperate tunnel configured client<-> server with "client-to-client" then? Or is this all possible with only one tunnel?
Thanks a lot for any help!