4. Site to Site not routing

Site to Site not routing

  • D

    Hello,

    I'm trying to do site to site with 3 sites, I would like all the sites to communicate with each other:

    (192.168.15.x)10.10.11.x –------- (192.168.10.x)10.10.11.x ---------- (192.168.224.x) 10.10.11.x
    Client                                            Server                                            Client

    I have 2 issues:

    1. The clients connect without a problem to the server and the pfSense client 10.10.11.x can communicate with 192.168.10.x but the subnets behind the clients can't connect to 192.168.10.x.
      The pfSense server 10.10.11.x however can't communicate with any local subnets.
      By looking at the traffic when issuing a ping from 192.168.224.x to 192.168.10.x, I see the ICMP packets on the openvpn interface of the client. However nothing shows up on the server tcpdump.
      If I enable nat on the client so 192.168.224.x traffic is replaced by the 10.10.11.x IP, the traffic goes through.

    2. The 2 clients 10.10.11.x do not communicate at all with each other, from pfSense, they can't ping each other.

    I attach server/client config, firewall rules on all open vpn interfaces are open to everything.
    The routes are being pushed correctly, routing tables look fine.

    Server:
    10.10.11.0/24 10.10.11.2 UGS 17 1500 ovpns3
    10.10.11.1 link#9 UHS 0 16384 lo0
    10.10.11.2 link#9 UH 0 1500 ovpns3
    127.0.0.1 link#6 UH 2662 16384 lo0
    192.168.10.0/24 link#2 U 117084 1500 em1
    192.168.10.1 link#2 UHS 0 16384 lo0
    192.168.11.0/24 link#3 U 0 1500 em2
    192.168.11.1 link#3 UHS 0 16384 lo0
    192.168.15.0/24 10.10.11.2 UGS 608 1500 ovpns3
    192.168.224.0/24 10.10.11.2 UGS 6 1500 ovpns3

    Client:
    10.10.10.0/24 10.10.11.5 UGS 0 1500 ovpnc1
    10.10.11.1/32 10.10.11.5 UGS 0 1500 ovpnc1
    10.10.11.5 link#7 UH 0 1500 ovpnc1
    10.10.11.6 link#7 UHS 0 16384 lo0
    127.0.0.1 link#5 UH 3199 16384 lo0
    192.168.10.0/24 10.10.11.5 UGS 8141 1500 ovpnc1
    192.168.11.0/24 10.10.11.5 UGS 0 1500 ovpnc1
    192.168.15.0/24 10.10.11.5 UGS 602 1500 ovpnc1
    192.168.224.0/24 link#2 U 50019 1500 em1
    192.168.224.30 link#2 UHS 0 16384 lo0

    I must be doing something wrong here but can't figure it out. At least the config should work for 2 sites, maybe not 3.
    Any help would be appreciated.

    Thanks.

    0
  • D

    It looks like I was missing the iroute statement for the clients. So now the clients subnets can connect to the server subnet but the can't connect to each other.
    192.168.224.x access 192.168.10.x but not 192.168.15.x.

    I must be missing another piece here.

    0
  • J

    Inter-client communication

    0
  • D

    Actually it was a misconfiguration on one of the clients, it was missing the remote subnet option. I did not need to add the client-to-client option on the server side, it looks like when selecting peer to peer it's already there by default.

    Everything seems to be working now, thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy