Site to Site not routing

  • Hello,

    I'm trying to do site-to-site with 3 sites, I would like all the sites to communicate with each other:

    (192.168.15.x) 10.10.11.x ---------- (192.168.10.x) 10.10.11.x ---------- (192.168.224.x) 10.10.11.x
    Client                                 Server                                  Client

    I have 2 issues:

    1. The clients connect without a problem to the server and the pfSense client 10.10.11.x can communicate with 192.168.10.x but the subnets behind the clients can't connect to 192.168.10.x.
      The pfSense server 10.10.11.x however can't communicate with any local subnets.
      By looking at the traffic when issuing a ping from 192.168.224.x to 192.168.10.x, I see the ICMP packets on the openvpn interface of the client. However nothing shows up on the server tcpdump.
      If I enable nat on the client so 192.168.224.x traffic is replaced by the 10.10.11.x IP, the traffic goes through.

    2. The 2 clients 10.10.11.x do not communicate at all with each other, from pfSense, they can't ping each other.

    I attach server/client config, firewall rules on all OpenVPN interfaces are open to everything.
    The routes are being pushed correctly, routing tables look fine.

    Server:
            UGS       17 1500  ovpns3
    link#9  UHS        0 16384 lo0
    link#9  UH         0 1500  ovpns3
    link#6  UH      2662 16384 lo0
    link#2  U     117084 1500  em1
    link#2  UHS        0 16384 lo0
    link#3  U          0 1500  em2
    link#3  UHS        0 16384 lo0
            UGS      608 1500  ovpns3
            UGS        6 1500  ovpns3

    Client:
            UGS        0 1500  ovpnc1
            UGS        0 1500  ovpnc1
    link#7  UH         0 1500  ovpnc1
    link#7  UHS        0 16384 lo0
    link#5  UH      3199 16384 lo0
            UGS     8141 1500  ovpnc1
            UGS        0 1500  ovpnc1
            UGS      602 1500  ovpnc1
    link#2  U      50019 1500  em1
    link#2  UHS        0 16384 lo0

    I must be doing something wrong here but can't figure it out. At least the config should work for 2 sites, maybe not 3.
    Any help would be appreciated.


  • It looks like I was missing the iroute statement for the clients. So now the clients' subnets can connect to the server subnet but they can't connect to each other.
    192.168.224.x can access 192.168.10.x but not 192.168.15.x.

    I must be missing another piece here.

  • Inter-client communication

  • Actually it was a misconfiguration on one of the clients, it was missing the remote subnet option. I did not need to add the client-to-client option on the server side, it looks like when selecting peer-to-peer it's already there by default.

    Everything seems to be working now, thanks
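    The two fixes the thread arrives at (an iroute per client on the server, and a route to every other site's LAN on each client), written out as plain OpenVPN directives so the moving parts are visible. This is an added example, not the poster's config or anything pfSense generated; the certificate paths, the CCD directory, the client common names site-a and site-c, and the hub hostname are placeholders. In the pfSense GUI these correspond to the "IPv4 Remote network(s)" fields: on the server tab they become route lines, in a Client Specific Override they become the iroute line, and on a client they become route lines.

```conf
# ===== Hub / server (LAN 192.168.10.0/24) =====
dev tun
topology subnet
server 10.10.11.0 255.255.255.0          # tunnel network used in the thread
ca   /placeholder/ca.crt                 # placeholder paths
cert /placeholder/server.crt
key  /placeholder/server.key
dh   /placeholder/dh.pem

# Kernel routes on the hub: traffic for either spoke LAN goes into the tun interface.
route 192.168.15.0  255.255.255.0
route 192.168.224.0 255.255.255.0

# iroute tells the OpenVPN *process* which connected client owns each LAN.
# Without it, a packet arriving from 192.168.224.x has a source the server
# cannot map to any client and is dropped before it reaches the tun interface,
# which is why the first post saw the pings on the client's ovpnc1 but nothing
# on the server's tcpdump, and why NATing to the tunnel IP "fixed" it.
client-config-dir /placeholder/ccd

# ===== Hub: /placeholder/ccd/site-a  (client CN "site-a", LAN 192.168.15.0/24) =====
iroute 192.168.15.0 255.255.255.0

# ===== Hub: /placeholder/ccd/site-c  (client CN "site-c", LAN 192.168.224.0/24) =====
iroute 192.168.224.0 255.255.255.0

# ===== Spoke site-c (LAN 192.168.224.0/24) =====
client
dev tun
remote hub.example.invalid 1194 udp     # placeholder hub address
ca   /placeholder/ca.crt
cert /placeholder/site-c.crt
key  /placeholder/site-c.key

# Routes into the tunnel: the hub LAN *and* the other spoke's LAN. The second
# line is the "remote subnet" that was missing in the thread; without it
# 192.168.224.x hosts had no route to 192.168.15.x and the spokes could not
# talk even though both reached the hub.
route 192.168.10.0 255.255.255.0
route 192.168.15.0 255.255.255.0

# ===== Spoke site-a (LAN 192.168.15.0/24) =====
# Mirror image of site-c: same client/remote/cert lines with site-a's files, plus
route 192.168.10.0 255.255.255.0
route 192.168.224.0 255.255.255.0
```

    On why client-to-client was not needed: in tun mode without that option, a packet from site-c destined for 192.168.15.x is handed by the OpenVPN daemon to the hub's kernel, which matches the `route 192.168.15.0` entry, sends it back into the tun interface, and the daemon then uses the site-a iroute to pick the right client. Because the traffic traverses the kernel, the hub's firewall rules on the OpenVPN interface apply to spoke-to-spoke traffic, which is the place to restrict it if the sites should not have full mutual access. A quick check that iroute is in place is the one the poster already used: tcpdump on the hub's ovpns interface should show the spoke LAN's source addresses, not just the 10.10.11.x tunnel addresses.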

