5. Site-to-site openvpn errors, possible via client/server mode?

Site-to-site openvpn errors, possible via client/server mode?

  • M

    Hi,

    My pfsense box at home now connects to a remote pfsense configured as peer to peer (unchecked client-to-client as suggested in the thread by SpaceBass, thank you!).
    I wanted to achieve that a server in a different subnet in my home network would be reachable by any host in the remote network.

    It didn't work in client/server mode though (not even to ping my pfsense box from the remote pfsense itself), which did when doing that manually before (connecting via openvpn in client mode to a openvpn running in server mode in the remote network, iroute et.c.).
    Why is that?

    Another question: though it does work now, I get these warnings and errors in the OpenVPN log on my side:

    Code:

    Jul 2 13:08:16 openvpn[21533]: Initialization Sequence Completed
    Jul 2 13:08:16 openvpn[21533]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Jul 2 13:08:16 openvpn[21533]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.10.2 10.0.10.1 init
    Jul 2 13:08:16 openvpn[21533]: /sbin/ifconfig ovpnc1 10.0.10.2 10.0.10.1 mtu 1500 netmask 255.255.255.255 up
    Jul 2 13:08:16 openvpn[21533]: do_ifconfig, tt->ipv6=0
    Jul 2 13:08:16 openvpn[21533]: TUN/TAP device /dev/tun1 opened
    Jul 2 13:08:14 openvpn[21533]: [pfsense.dap1.example.com] Peer Connection Initiated with [AF_INET] <remotewanip>:12002
    Jul 2 13:08:14 openvpn[21533]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.0.10.2 10.0.10.1'

    Especially regarding the last entry (actually the first as it's reverse )
    Does anyone know what's about that? Ifconfig is missing in local config? I explicitly specified the tunnel network on my client (=local config I suppose?), but the log entry is telling me that I didn't? Am I misinterpreting this message?
    This warning is repeated in intervals in the openvpn log.

    I'm wondering why I didn't get this setup to work using client/server though:

    It did work only into one direction. My pfsense box could ping any host in the remote network, but the remote network, even remote-pfsense itself was unable to even ping my box at all (although I setup rules in my client and remote box to allow all openvpn traffic from any source to any).
    I checked the routing table and I saw routes set up on the remote pfsense to my openvpn ip. But again.. it didn't work till I configured the server and "client" in a peer-to-peer mode.

    I'm also curious as to how I should set all that up in order to also being able to reach other OpenVPN Clients. Would I need a seperate tunnel configured client<-> server with "client-to-client" then? Or is this  all possible with only one tunnel?

    Thanks a lot for any help!

    Max</remotewanip>

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy