Netgate Discussion Forum

    Site-to-site openvpn errors, possible via client/server mode?

    2.0-RC Snapshot Feedback and Problems - RETIRED
      mxx

      Hi,

      My pfsense box at home now connects to a remote pfsense configured as peer to peer (unchecked client-to-client as suggested in the thread by SpaceBass, thank you!).
      I wanted to achieve that a server in a different subnet in my home network would be reachable by any host in the remote network.

      It didn't work in client/server mode though (not even to ping my pfsense box from the remote pfsense itself), which it did when doing that manually before (connecting via openvpn in client mode to an openvpn running in server mode in the remote network, iroute etc.).
      Why is that?

      Another question: though it does work now, I get these warnings and errors in the OpenVPN log on my side:

      Code:

      Jul 2 13:08:16 openvpn[21533]: Initialization Sequence Completed
      Jul 2 13:08:16 openvpn[21533]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
      Jul 2 13:08:16 openvpn[21533]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.10.2 10.0.10.1 init
      Jul 2 13:08:16 openvpn[21533]: /sbin/ifconfig ovpnc1 10.0.10.2 10.0.10.1 mtu 1500 netmask 255.255.255.255 up
      Jul 2 13:08:16 openvpn[21533]: do_ifconfig, tt->ipv6=0
      Jul 2 13:08:16 openvpn[21533]: TUN/TAP device /dev/tun1 opened
      Jul 2 13:08:14 openvpn[21533]: [pfsense.dap1.example.com] Peer Connection Initiated with [AF_INET] <remotewanip>:12002
      Jul 2 13:08:14 openvpn[21533]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.0.10.2 10.0.10.1'

      Especially regarding the last entry (actually the first, as it's in reverse order).
      Does anyone know what's about that? Ifconfig is missing in local config? I explicitly specified the tunnel network on my client (=local config I suppose?), but the log entry is telling me that I didn't? Am I misinterpreting this message?
      This warning is repeated in intervals in the openvpn log.

      I'm wondering why I didn't get this setup to work using client/server though:

      It only worked in one direction. My pfsense box could ping any host in the remote network, but the remote network, even remote-pfsense itself, was unable to even ping my box at all (although I set up rules in my client and remote box to allow all openvpn traffic from any source to any).
      I checked the routing table and I saw routes set up on the remote pfsense to my openvpn ip. But again.. it didn't work till I configured the server and "client" in a peer-to-peer mode.

      I'm also curious as to how I should set all that up in order to also be able to reach other OpenVPN clients. Would I need a separate tunnel configured client <-> server with "client-to-client" then? Or is this all possible with only one tunnel?

      Thanks a lot for any help!

      Max
