Hello
I am trying the OpenVPN Site To Site architecture.
with the classic configuration everything works fine, there are two sites (client) each of them has two OpenVPN tunnels to a central site which has two OpenVPN Servers configured.
when I say classic configuration, I mean that on the central site, the configuration of the two OpenVPN servers have (Local Networks) and (Remote Networks) configured, as well as the networks of each remote site are configured on (Client specific overrides)
At this stage, I've tested two-way end-to-end communication and it works perfectly.
but as the central site has twenty networks and the remote sites each have five, I decided to configure dynamic routing.
so I removed (Local Networks) and (Remote Networks) from the two OpenVPN servers, installed the FRR plugin, enabled BGP
but at this stage, even though the four tunnels are up, BGP isn't working and I've got (failedpeers) for BGP on the central site and the two remote sites
after research, it turned out that OpenVPN interfaces had to be assigned on all three sites, as BGP needs tunnel interfaces and not the default group of interfaces called OpenVPN
once this was done, BGP worked perfectly and routes were distributed to all three sites.
now, the problem is that the tunnels are up, the BGP is OK, on the firewall rules I've set pass any everywhere but the traffic doesn't pass from end to end in both directions.
on further research, I realized that you need to configure gateways on the sites
on the remote sites, each of them has two interfaces ovpnc1 and ovpnc2, so I configured the gateway OVPNC1_VPNV4 with the IP of OVPNS1 and the gateway OVPNC2_VPNV4 with the IP of OVPNS2.
on the remote site side, as ovpns1 and ovpns2 interfaces connect several tunnels, there are gateways OVPNS1_GW and OVPNS2_GW but no IP address configured
but still no traffic
what i am missing ?
thank you
			
			
			
				You probably need a GRE tunnel inside your OpenVPN tunnel in order for the Routing Protocols to be passed through.
EDIT: Not sure with Openvpn though... As you wrote the BGP exchanged routes and works...
			
			
			
				yes BGP is OK all routes well distributed along the all sites
what it is weird, it is when i log to OPNsense of the remote site1 for example, from OPNsense i can access endpoints on the networks of the central site
but from an endpoint on the network of the remote site1, i cannot access endpoints on the networks of the central site
i tried liveview on OPNsense, and absolutely no traffic displayed when i try a communication from the endpoint on remote site1 to endpoints of central site
 of course the endpoint on remote site1 has its gateway the LAN IP of OPNsense of the remote site1, and i m sure absolutely there is a pass any everywhere
at the same time, when i access the OPNsense of the central site, i CANNOT access endpoints on the networks of the remote sites, even all the routing table is ok and this OPNsense can access the tunnel interfaces of the remote sites
it is like IPSec, transport mode is the classical one, but to use dynamic routing we must chose VTI the routed mode
now, for OpenVPN classical mode works, dynamic routing themselves are working but no traffic
so i wonder if there is some parameters to modify on OpenVPN when using dynamic routing