OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: MdB on February 20, 2019, 03:46:30 pm
-
When configuring an OpenVPN server for a peer-to-peer connection to another site, the user interface allows you to specify, under "IPv4/6 Remote Network", a (list of) far network(s) that are then automatically routed over the VPN connection. To enable these routes, however, OpenVPN needs --iroute option(s) to really enable these routes (see OpenVPN documentation). These can be added on the server page under "Advanced configuration" or as a Client Specific Override, e.g.:
iroute 10.8.6.128 255.255.255.192
The user interface thus falsely suggests that specifying these networks as "IPv4/6 Remote Network" is sufficient. :(
(This sadly cost me half a day to figure out!)
-
Ehhm, nope. I have both clients and servers for site-to-site OpenVPN without this Advanced stuff, just doing fine for years...
Correct syntax for remote networks is
192.168.100.0/24,192.168.101.0/26