    Site to Site not routing

    OpenVPN
    4 Posts 2 Posters 934 Views
    dohko_44

      Hello,

      I'm trying to do site to site with 3 sites, I would like all the sites to communicate with each other:

      (192.168.15.x) 10.10.11.x --------- (192.168.10.x) 10.10.11.x --------- (192.168.224.x) 10.10.11.x
      Client                                Server                               Client

      I have 2 issues:

      1. The clients connect without a problem to the server, and the pfSense client 10.10.11.x can communicate with 192.168.10.x, but the subnets behind the clients can't connect to 192.168.10.x.
        The pfSense server 10.10.11.x, however, can't communicate with any local subnets.
        By looking at the traffic when issuing a ping from 192.168.224.x to 192.168.10.x, I see the ICMP packets on the OpenVPN interface of the client. However, nothing shows up in the server tcpdump.
        If I enable NAT on the client so that 192.168.224.x traffic is replaced by the 10.10.11.x IP, the traffic goes through.

      2. The 2 clients 10.10.11.x do not communicate with each other at all; from pfSense, they can't ping each other.

      I attach the server/client config; firewall rules on all OpenVPN interfaces are open to everything.
      The routes are being pushed correctly, and the routing tables look fine.

      Server:
      10.10.11.0/24 10.10.11.2 UGS 17 1500 ovpns3
      10.10.11.1 link#9 UHS 0 16384 lo0
      10.10.11.2 link#9 UH 0 1500 ovpns3
      127.0.0.1 link#6 UH 2662 16384 lo0
      192.168.10.0/24 link#2 U 117084 1500 em1
      192.168.10.1 link#2 UHS 0 16384 lo0
      192.168.11.0/24 link#3 U 0 1500 em2
      192.168.11.1 link#3 UHS 0 16384 lo0
      192.168.15.0/24 10.10.11.2 UGS 608 1500 ovpns3
      192.168.224.0/24 10.10.11.2 UGS 6 1500 ovpns3

      Client:
      10.10.10.0/24 10.10.11.5 UGS 0 1500 ovpnc1
      10.10.11.1/32 10.10.11.5 UGS 0 1500 ovpnc1
      10.10.11.5 link#7 UH 0 1500 ovpnc1
      10.10.11.6 link#7 UHS 0 16384 lo0
      127.0.0.1 link#5 UH 3199 16384 lo0
      192.168.10.0/24 10.10.11.5 UGS 8141 1500 ovpnc1
      192.168.11.0/24 10.10.11.5 UGS 0 1500 ovpnc1
      192.168.15.0/24 10.10.11.5 UGS 602 1500 ovpnc1
      192.168.224.0/24 link#2 U 50019 1500 em1
      192.168.224.30 link#2 UHS 0 16384 lo0

      I must be doing something wrong here but can't figure it out. At least the config should work for 2 sites, maybe not 3.
      Any help would be appreciated.

      Thanks.

        dohko_44

        It looks like I was missing the iroute statement for the clients. So now the clients' subnets can connect to the server subnet, but they can't connect to each other.
        192.168.224.x can access 192.168.10.x but not 192.168.15.x.

        I must be missing another piece here.

          jiunnyik

          Inter-client communication

            dohko_44

            Actually, it was a misconfiguration on one of the clients: it was missing the remote subnet option. I did not need to add the client-to-client option on the server side; it looks like when selecting peer to peer it's already there by default.

            Everything seems to be working now, thanks

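The three-site layout the thread ends up with, written out as plain OpenVPN directives so the pieces mentioned across the posts (server route, per-client iroute, client remote network, client-to-client) can be seen together. This is an added illustration, not the poster's pfSense configuration; the certificate common names siteA and siteB are assumed, and the net30 tunnel addressing matches the routing tables above. In pfSense these are GUI fields rather than a text file: the server's "IPv4 Remote network(s)" produces the route lines, a Client Specific Override's "IPv4 Remote network(s)" produces iroute, and the client's "IPv4 Remote network(s)" produces the client-side route.

```conf
# server.conf  (server site, LAN 192.168.10.0/24, tunnel 10.10.11.0/24)
dev tun
server 10.10.11.0 255.255.255.0      # server takes 10.10.11.1
client-config-dir ccd                # per-client files, named by certificate CN

# Kernel routes on the server: both client LANs are reachable through tun.
# Without these the server never sends replies for those subnets into the tunnel.
route 192.168.15.0 255.255.255.0
route 192.168.224.0 255.255.255.0

# Every client needs a route to the server LAN.
push "route 192.168.10.0 255.255.255.0"

# Forward packets between connected clients inside the OpenVPN process.
# The last post notes pfSense already sets this for peer-to-peer servers.
# Caveat: such traffic never reaches the server's kernel, so firewall rules
# on the server's OpenVPN interface do not see or filter client-to-client flows.
client-to-client

# --- ccd/siteA : client whose LAN is 192.168.15.0/24 (assumed CN "siteA") ---
# iroute is the authorization step: packets sourced from 192.168.15.0/24 are
# accepted only when they arrive from THIS client, and replies for that subnet
# are sent back to THIS client. Without it the server drops the client-LAN
# traffic (the first post's symptom), while NAT to the tunnel IP only "works"
# because it hides the real source address.
iroute 192.168.15.0 255.255.255.0
push "route 192.168.224.0 255.255.255.0"   # tell site A about site B's LAN

# --- ccd/siteB : client whose LAN is 192.168.224.0/24 (assumed CN "siteB") ---
iroute 192.168.224.0 255.255.255.0
push "route 192.168.15.0 255.255.255.0"    # tell site B about site A's LAN

# --- client.conf on site B: the "remote subnet" that was missing in the last post ---
# A client that does not pull routes must define the remote subnets itself.
route 192.168.10.0 255.255.255.0
route 192.168.15.0 255.255.255.0
```

After each change, `netstat -rn` on both ends should show every remote LAN pointing at the tunnel interface, and a ping sourced from a client LAN address (not the tunnel IP) should appear in the server-side tcpdump.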
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.