Netgate Discussion Forum
    Route OVPN users to subnet connected by a OVPN peer to peer tunnel?

    PatrickWarn

      Location A has a box running pfSense as gateway, and has a local subnet of 192.168.9.0
      Location B (colo site) has a CentOS box as gateway, and has a local subnet of 192.168.4.0

      On A's pfSense box an OVPN server, Peer to Peer shared key tunnel to B is configured; B is the client.
      It also has another OVPN server configured, Remote Access (SSL/TLS) for remote users. The config has a "push route 192.168.4.0 255.255.255.0" additional command, and the "Allow communication between clients connected to this server" box is checked.

      Any machine on A can talk to any machine on B, and any machine on B can talk to any machine on A. However, remote VPN users can only talk to machines on A, and cannot see anything on B.

      Any suggestions?

      phil.davis

        The Remote Access clients know how to reach location B, because of the "push route". Now location B needs to know how to route back to the Remote Access network.
        On the shared-key server at location A, you need:

        push "route n.n.n.n m.m.m.m"

        e.g. if your remote access subnet is 192.168.42.0/24

        push "route 192.168.42.0 255.255.255.0"

        Then location B will know the way back to 192.168.42.0/24
        Note: On 2.1 you can put a list of subnets in the "Local IPv4/6 Networks" boxes - that puts multiple "push route" statements in the config, rather than just 1. Adding "push route" in the advanced box is no longer needed.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          PatrickWarn

          I figured out the answer to my problem.

          I needed to add a route to the gateway at B for the subnet IPs being assigned to the VPN users.
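          The failure described in the thread is an asymmetric-routing problem: the remote-access client can reach 192.168.4.0/24 via A (thanks to the "push route"), but B's gateway has no route back to the remote-access pool, so replies never return. The following model, an added example that is not code from either poster or from pfSense, walks each hop's routing table with longest-prefix matching and shows reachability failing until the return route from phil.davis's reply (192.168.42.0/24 is his example pool, assumed here as well) is added on B, which is the fix PatrickWarn applied.

```python
"""Model of the asymmetric-routing problem from the thread (added example).

Nodes: "client" (a remote-access user), "A" (pfSense at location A),
"B" (CentOS gateway at location B). Subnets are the thread's; the pool
192.168.42.0/24 is the example value from the reply and is an assumption.
"""
import ipaddress


def make_tables(b_has_return_route: bool) -> dict:
    """Per-node routing tables as (destination network, next hop).

    A next hop of "local" means the node delivers directly; anything else
    names the node the packet is forwarded to (over a tunnel or LAN).
    """
    tables = {
        "client": [("192.168.42.0/24", "local"),
                   ("192.168.9.0/24", "A"),     # normal remote-access route
                   ("192.168.4.0/24", "A")],    # from 'push route 192.168.4.0'
        "A": [("192.168.9.0/24", "local"),
              ("192.168.42.0/24", "client"),    # remote-access tunnel
              ("192.168.4.0/24", "B")],         # site-to-site tunnel to B
        "B": [("192.168.4.0/24", "local"),
              ("192.168.9.0/24", "A")],         # site-to-site tunnel back to A
    }
    if b_has_return_route:
        # The missing piece: B must know the way back to the VPN pool.
        tables["B"].append(("192.168.42.0/24", "A"))
    return tables


def lookup(table, dst):
    """Longest-prefix match of dst against one table; None if no route."""
    best = None
    for net, hop in table:
        n = ipaddress.ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, hop)
    return best[1] if best else None


def trace(tables, src, dst_ip, max_hops=8):
    """Follow next hops from node src toward dst_ip.

    Returns the list of nodes traversed, or None if some hop has no route
    (the packet would leave via the default route and be lost).
    """
    dst = ipaddress.ip_address(dst_ip)
    node, path = src, [src]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return None
        if hop == "local":
            return path
        node = hop
        path.append(node)
    return None


def reachable_both_ways(tables, src, src_ip, dst, dst_ip):
    """True only when the forward path AND the return path both resolve."""
    return (trace(tables, src, dst_ip) is not None
            and trace(tables, dst, src_ip) is not None)
```

Running trace() from "B" toward a client address before and after adding the route makes the one-directional nature of the original symptom explicit.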
