OpenVPN - Site-to-Site - Multiple Sites (Peer to Peer - Shared Key)
-
Hi all!
I have an OpenVPN configuration to serve two remote sites:
MAIN OFFICE
SERVER LAN: 10.1.0.0/24
BRANCH OFFICE 01
OPENVPN SERVER 01 CONFIGURATION:
Protocol: UDP
Port: 1195
Tunnel Network: 10.0.9.0/24
IPV4 LOCAL NETWORK: 10.1.0.0/24
REMOTE NETWORK: 192.168.1.0/24
Obs: this VPN is connected and works perfectly, from both sides I can ping, trace routes no problem.
BRANCH OFFICE 02
OPENVPN SERVER 02 CONFIGURATION:
Protocol: UDP
Port: 1196
Tunnel Network: 10.0.10.0/24
IPV4 LOCAL NETWORK: 10.1.0.0/24
REMOTE NETWORK: 192.168.0.0/24
Obs: this VPN is connected, but I can ping only from client to server, and can't ping from server network to client.
We've checked all configurations from both client sides, they're exactly the same, firewall rules.
What can I do to solve this?
Thanks!
-
In Branch Office 02, how are you testing from the server network to the client?
Are you by chance trying to ping a Windows PC on the client network?
They are notorious for not allowing traffic from "unknown" networks.
Try connecting to a printer's web page or some other device on the client network.
-
Hi!
Thanks a lot for your reply.
I'm testing pinging a device that is on Branch Office 02.
I've recreated the client and server VPN to this office, now I can't ping, but I can access file sharing (SMB), web server (IIS), but the ping is still not working, and I checked that the firewall ICMP protocol is enabled to any network.
I'll put this server on domain and try again.
If you have further tests to tell me, I can do it.
Thanks again.
-
If you're getting something like SMB and HTTP traffic from the client (Branch Office 02 BrO2) talking to Head Office (HO), then I'd be pretty sure the OpenVPN connection is doing what it's supposed to and that's not the source of your problem.
As I said before, pinging a Windows PC on BrO2 from HO could be problematic. My favorite test method is to find a network printer (or photocopier or fax, etc.) that you can address by its IP address. Those types of devices are usually fairly lax about access from an outside network and can be easily tested by using your browser (Chrome, Firefox, Safari, etc.) to access the printer's IP address (or just try a ping).
You may be able to diagnose the ping to Windows problem, but it might not be worth the trouble if everything else works anyway. I would definitely try a web or file server at BrO2 if no printer is available.
-
Hi!
Thanks a lot for your support.
We've found the solution: our OVPNC1 interface was allowing only TCP/UDP traffic, so ICMP was being blocked. We put ANY to allow all traffic and worked wel…
Problem is solved.
Thanks and have a nice weekend.
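-
The triage this thread arrives at (SMB and HTTP cross the tunnel while ping does not, so the fault is a protocol filter and not the VPN itself) written as a small script. This is an added example, not part of any post in the thread; the function names, verdict labels and the default ports 445 and 80 are assumptions of the example.

```python
import socket
import subprocess
import sys

# Where to look next for each outcome (wording is this example's, not the thread's).
HINTS = {
    "ok": "ICMP and TCP both pass: tunnel, routing and filtering are fine.",
    "icmp-filtered": "TCP passes, ping does not: tunnel and routing work. Check for a "
                     "rule on the VPN interface limited to TCP/UDP, or a host firewall.",
    "tcp-blocked": "Ping passes, TCP does not: services down or TCP ports filtered.",
    "no-path": "Nothing passes: check tunnel status, routes and remote-network settings.",
}

def classify(icmp, tcp):
    """icmp: True if an echo reply was seen; tcp: dict of port -> handshake completed."""
    any_tcp = any(tcp.values())
    if any_tcp:
        return "ok" if icmp else "icmp-filtered"
    return "tcp-blocked" if icmp else "no-path"

def tcp_ok(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def icmp_ok(host):
    """True if one echo request is answered, using the system ping binary."""
    count_flag = "-n" if sys.platform.startswith("win") else "-c"
    try:
        done = subprocess.run(["ping", count_flag, "1", host], timeout=10,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return done.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def probe(host, ports):
    """Run both kinds of probe against one remote host and return the verdict."""
    return classify(icmp_ok(host), {p: tcp_ok(host, p) for p in ports})

if __name__ == "__main__":
    # Usage: python triage.py <host-on-remote-LAN> [port ...]
    host = sys.argv[1]
    ports = [int(p) for p in sys.argv[2:]] or [445, 80]  # SMB and HTTP, as in the thread
    verdict = probe(host, ports)
    print(f"{host}: {verdict} - {HINTS[verdict]}")
```

Run it from the server-side LAN against a device on the branch LAN; an `icmp-filtered` verdict matches the situation resolved above.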
-
Great! Glad to hear you got it working.
-
Hi fgmoyses,
Can you send me the details of client and server setup for multiple sites? Because I have been trying for almost one week to fix this issue. I would be very glad if you send me your setup.
Thanks and regards.