Hi there
I have an issue building a second client-to-site VPN on an OPNsense where a site-to-site VPN server already exists.
In the map attached you can see the actual infrastructure.
Site to site works like a charm and I can reach the "WIN2" machine from the "WIN1" machine (ping and RDP).
If I create a second VPN server for users to connect, on a different access port 1195, and I just enable it (no need to mount any tunnel):
- I can mount the connection from public to RT1
- the 1st VPN S2S connection does not fall
but the issue is that I cannot reach the 192.168.60.0 network any more from the WIN1 machine (no ping, no RDP).
With the 2nd VPN server connection, I can reach only WIN1 and RT1 but not 192.168.60.0.
At the point where I just disable it (with the Play button), all things get well as before.
Any idea on these key things? I can give you more info if needed.
(https://eko.team/capt.png)
Hi,
the IPv4 Tunnel Network should be 192.168.1.0/30... then you have at most two hosts in the network (192.168.1.1 and 192.168.1.2). Then you can push routes for both sides.
Datacenter (192.168.0.0/24) example:
dev ovpns5
verb 3
dev-type tun
dev-node /dev/tun5
writepid /var/run/openvpn_server5.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.181.20
tls-server
ifconfig 192.168.1.1 192.168.1.2
tls-verify "deleted"
lport 1198
management /var/etc/openvpn/server5.sock unix
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
Client side:
push "route 192.168.0.0 255.255.255.0"
and on the client side the way back. Also keep in mind to create firewall rules.
For the second tunnel you can use the next /30 netmask: 192.168.1.5 - 192.168.1.6, i.e. 192.168.1.4/30...
If you choose /24 as in your example it doesn't work because the client gets a dynamic address...
Br Andreas
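To make Andreas's /30 advice concrete, here is an added example (my own script, not part of either post and not OPNsense's code). It carves one /30 per OpenVPN server out of a pool, checks that no tunnel network overlaps another tunnel or any LAN (the overlap is what makes one route shadow another when both servers sit on the same /24), and renders the ifconfig and route lines for both ends. The pool 192.168.1.0/24, the tunnel names and the plain `route` form on the client side are my assumptions; the LAN subnets are the ones mentioned in the thread.

```python
"""Plan /30 point-to-point tunnel networks for several OpenVPN servers on one
firewall and derive the ifconfig/route lines for each side.
Added example for this thread; the pool, tunnel names and client-side
'route' form are assumptions, the LAN subnets come from the posts."""
import ipaddress
from typing import Dict, List, Tuple

IPv4Net = ipaddress.IPv4Network


def p2p_block(pool: str, index: int) -> IPv4Net:
    """The index-th /30 carved from a pool such as 192.168.1.0/24:
    index 0 -> 192.168.1.0/30, index 1 -> 192.168.1.4/30, ..."""
    blocks = list(ipaddress.ip_network(pool, strict=True).subnets(new_prefix=30))
    return blocks[index]


def endpoints(block: IPv4Net) -> Tuple[str, str]:
    """A /30 has exactly two usable addresses: server first, client second."""
    if block.prefixlen != 30:
        raise ValueError(f"{block} is not a /30 point-to-point tunnel network")
    server, client = block.hosts()
    return str(server), str(client)


def overlaps(nets: List[str]) -> List[Tuple[str, str]]:
    """Every pair of networks that overlap. An empty list means the routing
    table can hold all of them without one route shadowing another."""
    parsed = [ipaddress.ip_network(n, strict=True) for n in nets]
    return [(str(a), str(b)) for i, a in enumerate(parsed)
            for b in parsed[i + 1:] if a.overlaps(b)]


def server_lines(block: IPv4Net, pushed_lans: List[str]) -> List[str]:
    """ifconfig plus the push lines the server hands to its peer."""
    srv, cli = endpoints(block)
    lines = [f"ifconfig {srv} {cli}"]
    for lan in pushed_lans:
        n = ipaddress.ip_network(lan, strict=True)
        lines.append(f'push "route {n.network_address} {n.netmask}"')
    return lines


def client_lines(block: IPv4Net, remote_lans: List[str]) -> List[str]:
    """Mirror image on the client: swapped ifconfig and plain route lines
    for the networks behind the server (the 'way back')."""
    srv, cli = endpoints(block)
    lines = [f"ifconfig {cli} {srv}"]
    for lan in remote_lans:
        n = ipaddress.ip_network(lan, strict=True)
        lines.append(f"route {n.network_address} {n.netmask}")
    return lines


def plan(pool: str, tunnels: List[str]) -> Dict[str, str]:
    """Give each named tunnel its own /30 from the pool, in order."""
    return {name: str(p2p_block(pool, i)) for i, name in enumerate(tunnels)}


if __name__ == "__main__":
    # LAN subnets mentioned in the thread.
    lans = ["192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.60.0/24"]

    # Constructed guess at the failing layout: both servers on one /24 tunnel net.
    print("overlapping tunnel nets:", overlaps(["192.168.1.0/24", "192.168.1.0/24"]))

    # Fixed layout: one /30 per server, none colliding with a LAN.
    blocks = plan("192.168.1.0/24", ["s2s", "roadwarrior"])
    print("tunnel blocks:", blocks)
    print("conflicts:", overlaps(list(blocks.values()) + lans))

    s2s = ipaddress.ip_network(blocks["s2s"])
    print("\n".join(server_lines(s2s, ["192.168.2.0/24", "192.168.3.0/24"])))
    print("\n".join(client_lines(s2s, ["192.168.0.0/24"])))
```

Running it prints the same `ifconfig 192.168.1.1 192.168.1.2` and push lines as the datacenter config above, assigns 192.168.1.4/30 (hosts .5 and .6) to the second server, and reports an empty conflict list; feeding it the two-servers-on-one-/24 layout instead reports the overlap.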