[SOLVED] Routing/VPN - multiple s2s/road warrior



  • Hi

    I know that there are lots of topics regarding these problems, but none of them are helpful enough.

    Current Setup:

    Our "primary" Network 192.168.22.1 and our second Network 192.168.24.1 (two different Locations) are connected by an OpenVPN s2s. The primary Network is also connected through an IPSec Tunnel to our third Network. There is also a Road Runner VPN. (see attachment)

    Current Situation:

    From our primary network I'm able to reach each other Network (site2 and site3).

    But I can't reach the 10.30.35.0/24 from Road Warrior/site2 and I also can't reach 192.168.24.0/24 from Road Warrior/site1 and vice versa. (see attachment red/green lines)

    I found this nice Guide from Stefcho: http://blog.stefcho.eu/routing-road-warrior’s-clients-through-a-site-to-site-vpn-with-pfsense-2-0-rc1-and-openvpn/

    I've added

    push route 192.168.24.0 255.255.255.0; to site1 Road Warrior Server and
    route 192.168.22.0 255.255.255.0; to the s2s Client (site2)
    but it still won't work. Could you please push me in the right direction?

    Config:
    pfSense site1 (s2s)
    ServerMode P2P Shared Key
    Protocol UDP
    Device mode tun
    Interface: WAN
    Server Host: external IP
    Server Port: 1195
    Proxy: none
    Encryption: CBC
    Hardware Crypto: none
    IPv4 Tunnel: 192.168.55.0/24
    IPv4 Local Network: 192.168.22.0/24
    IPv4 Remote Network: 192.168.24.0/24
    Compression: No

    pfSense site1 (RW)

    ServerMode Remote Access SSL/TLS
    Protocol UDP
    Device mode tun
    Interface: WAN
    Server Host: external IP
    Server Port: 1194
    Proxy: none
    Encryption: CBC
    Hardware Crypto: none
    IPv4 Tunnel: 192.168.44.0/24
    IPv4 Local Network: 192.168.22.0/24
    Compression: No
    Inter-client communication: Allow communication
    Duplicate Connections: Allow multiple concurrent connections
    Dynamic IP: yes
    AddressPool: provide a virtual Adapter
    DNS: 8.8.8.8
    Force DNS Update: yes
    NetBIOS Options: enabled
    Advanced: push route 192.168.24.0 255.255.255.0;

    pfSense site2

    ServerMode: P2P Shared Key
    Protocol: UDP
    Device mode: tun
    Interface: WAN
    Server Host: external IP
    Server Port: 1195
    Proxy: none
    Encryption: CBC
    Hardware Crypto: none
    IPv4 Tunnel: 192.168.55.0/24
    IPv4 Local Network: 192.168.24.0/24
    IPv4 Remote Network: 192.168.22.0/24
    Compression: No
    Advanced: route 192.168.22.0 255.255.255.0;


  • Netgate

    Your site-to-site and remote access OpenVPN instances are both on 1195 on site 1?



  • Oh! of course not. Thanks for the Hint. Edited my Post.



  • Okay, solved. I've just mistyped some IPs. If you should have the same Problem check this Guide: http://blog.stefcho.eu/routing-road-warrior’s-clients-through-a-site-to-site-vpn-with-pfsense-2-0-rc1-and-openvpn/
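
An added example, not part of the thread and not pfSense or OpenVPN code: a small route checker that models the VPN routes implied by the settings in the first post and traces a Road Warrior to site2 flow in both directions, which is a quick way to catch a mistyped or missing subnet. The node names, the host addresses and the 192.168.44.0/24 return route on site2 are assumptions of this example; the thread itself only says that some IPs were mistyped.

```python
import ipaddress

def next_hop(table, ip):
    """Longest-prefix match: returns a node name, 'local', or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table.items()
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst_ip):
    """Follow VPN routes hop by hop; returns (path, delivered)."""
    node, path = start, [start]
    while len(path) <= len(tables):          # bound guards against loops
        hop = next_hop(tables[node], dst_ip)
        if hop == "local":
            return path, True
        if hop is None:                      # would leave via default gateway
            return path, False
        node = hop
        path.append(node)
    return path, False

def check(tables, src, src_ip, dst, dst_ip):
    """A flow works only if request and reply are both delivered."""
    fwd, rev = trace(tables, src, dst_ip), trace(tables, dst, src_ip)
    ok = fwd[1] and rev[1] and fwd[0][-1] == dst and rev[0][-1] == src
    return {"forward": fwd, "return": rev, "ok": ok}

def posted_tables():
    """VPN routes implied by the settings listed in the first post."""
    return {
        "rw":    {"192.168.44.0/24": "local",   # RW tunnel network
                  "192.168.22.0/24": "site1",   # RW server Local Network
                  "192.168.24.0/24": "site1"},  # push route on RW server
        "site1": {"192.168.22.0/24": "local",
                  "192.168.44.0/24": "rw",
                  "192.168.24.0/24": "site2"},  # s2s Remote Network
        "site2": {"192.168.24.0/24": "local",
                  "192.168.22.0/24": "site1"},  # s2s Remote Network
    }

if __name__ == "__main__":
    t = posted_tables()
    flow = ("rw", "192.168.44.6", "site2", "192.168.24.10")  # constructed hosts
    print(check(t, *flow))                    # reply stops at site2
    t["site2"]["192.168.44.0/24"] = "site1"   # assumed return route
    print(check(t, *flow))
```

The same tables can be extended with the IPsec site (10.30.35.0/24) to check the other unreachable pairs from the first post.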