Site-to-site openvpn errors, possible via client/server mode?



  • Hi,

    My pfsense box at home now connects to a remote pfsense configured as peer to peer (unchecked client-to-client as suggested in the thread by SpaceBass, thank you!).
    I wanted to achieve that a server in a different subnet in my home network would be reachable by any host in the remote network.

    It didn't work in client/server mode though (not even to ping my pfsense box from the remote pfsense itself), which did when doing that manually before (connecting via openvpn in client mode to an openvpn running in server mode in the remote network, iroute etc.).
    Why is that?

    Another question: though it does work now, I get these warnings and errors in the OpenVPN log on my side:

    Code:

    Jul 2 13:08:16 openvpn[21533]: Initialization Sequence Completed
    Jul 2 13:08:16 openvpn[21533]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Jul 2 13:08:16 openvpn[21533]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.10.2 10.0.10.1 init
    Jul 2 13:08:16 openvpn[21533]: /sbin/ifconfig ovpnc1 10.0.10.2 10.0.10.1 mtu 1500 netmask 255.255.255.255 up
    Jul 2 13:08:16 openvpn[21533]: do_ifconfig, tt->ipv6=0
    Jul 2 13:08:16 openvpn[21533]: TUN/TAP device /dev/tun1 opened
    Jul 2 13:08:14 openvpn[21533]: [pfsense.dap1.example.com] Peer Connection Initiated with [AF_INET] <remotewanip>:12002
    Jul 2 13:08:14 openvpn[21533]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.0.10.2 10.0.10.1'

    Especially regarding the last entry (actually the first, as the order is reversed).
    Does anyone know what that is about? Ifconfig is missing in local config? I explicitly specified the tunnel network on my client (=local config I suppose?), but the log entry is telling me that I didn't? Am I misinterpreting this message?
    This warning is repeated in intervals in the openvpn log.

    I'm wondering why I didn't get this setup to work using client/server though:

    It did work only in one direction. My pfsense box could ping any host in the remote network, but the remote network, even remote-pfsense itself, was unable to even ping my box at all (although I set up rules in my client and remote box to allow all openvpn traffic from any source to any).
    I checked the routing table and I saw routes set up on the remote pfsense to my openvpn ip. But again.. it didn't work till I configured the server and "client" in a peer-to-peer mode.

    I'm also curious as to how I should set all that up in order to also be able to reach other OpenVPN Clients. Would I need a separate tunnel configured client<->server with "client-to-client" then? Or is this all possible with only one tunnel?

    Thanks a lot for any help!

    Max
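For reference, here is a minimal OpenVPN client/server site-to-site configuration of the kind the post describes (an added example, not the poster's or pfSense's own config). The tunnel network 10.0.10.0/24, the client address 10.0.10.2 and port 12002 are taken from the log above; the LAN subnets 192.168.10.0/24 (home) and 192.168.50.0/24 (remote), the hostname vpn.remote.example.com and the certificate CN home-pfsense are assumptions. The point it illustrates is the pairing of a kernel `route` on the server with an `iroute` in the per-client ccd file: with only the `route`, the server host sends packets for the home LAN into the tunnel, but the OpenVPN process has no record of which client session owns that subnet and discards them, which produces exactly the one-direction behaviour (home reaches remote, remote cannot reach home) described in the post.

```conf
# ===== remote site: server.conf (added example; LAN subnets and names are assumptions) =====
dev tun
proto udp
port 12002
topology subnet
server 10.0.10.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

# Kernel route on the server host: traffic for the home LAN goes into the tunnel.
route 192.168.10.0 255.255.255.0

# Per-client directory; the file name must equal the client's certificate CN.
client-config-dir ccd
# Reject clients that have no ccd entry (optional, keeps stray certs from joining).
ccd-exclusive

# Every client learns how to reach the remote LAN.
push "route 192.168.50.0 255.255.255.0"
# Other clients also learn the home LAN. For them to reach it through this
# server, OpenVPN must forward between client sessions, hence client-to-client.
push "route 192.168.10.0 255.255.255.0"
client-to-client

# ===== remote site: ccd/home-pfsense (file named after the home box's cert CN) =====
# OpenVPN's internal routing table: 192.168.10.0/24 lives behind THIS client.
# Without this line the kernel route above exists, but the OpenVPN process
# drops packets for the subnet because no session claims it.
iroute 192.168.10.0 255.255.255.0
# Pin this site's tunnel address (10.0.10.2 as in the log); netmask form
# because the server uses topology subnet.
ifconfig-push 10.0.10.2 255.255.255.0

# ===== home site: client.conf =====
client
dev tun
proto udp
remote vpn.remote.example.com 12002
ca ca.crt
cert home-pfsense.crt
key home-pfsense.key
# No ifconfig or route lines here: the tunnel address and the route to the
# remote LAN are pushed by the server at connect time.
```

Firewall rules on both ends still have to permit the traffic on the tun interface and, on the server side, IP forwarding between the tunnel and the LAN; the config above only fixes what OpenVPN itself routes. After a connect, the server's routing table should show 192.168.10.0/24 via the tun interface, and the server log should show the iroute being learned for the home-pfsense session; if either is missing, the ccd file name and the client certificate CN are the first things to compare.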