OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: samnet on September 24, 2020, 09:41:27 am

Title: Multi Site VPN and routing to each site without CSO
Post by: samnet on September 24, 2020, 09:41:27 am
Dear All
I'm struggling to make the proper multi-site VPN to interconnect all sites.
I recall doing it a few years back but can't replicate this in the new OPNsense edition. Not sure if this is a version restriction or something related.
I have:

Site A (OpenVPN Server) IP 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note I've selected /30 not /24)

Site B (OpenVPN Client) IP 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note I've selected /30 not /24)

Site C (OpenVPN Client) IP 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note I've selected /30 not /24)

Site B and C can ping and connect to Site A and vice versa.

But I can't get Site B and C to communicate (even through Site A, and yes, I'm fine with a single point of failure on Site A). I just want it to work.
I recall doing this in past editions by adding the subnet in the "IPv4 Remote Network" of each client, but this didn't work. I even tried adding it to the server's remote network. Can someone clarify how this can be done?

Title: Re: Multi Site VPN and routing to each site without CSO
Post by: teknoadmin on September 25, 2020, 01:13:51 pm
Hi Samnet,

You need to assign an interface to OVPN clients B and C, and then set static routes accordingly.
Also, you need to correct your tunnel configuration.
You have configured an S2S as a multi-client network.

I.E.

Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)

And check the rules on OVPN tab

Regards
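
The static routes listed in the reply above can be derived and sanity-checked from a small site table. This is an added example, not part of the original thread; the dictionary layout and function names are assumptions, and the hub-side tunnel addresses are taken from the reply's example.

```python
import ipaddress
from itertools import combinations

# Constructed from the thread: spoke LANs from the first post, tunnel /30s and
# Site A (hub) tunnel addresses as used in the reply's example.
SPOKES = {
    "B": {"lan": "192.168.22.0/24", "tunnel": "10.10.22.0/30", "hub_ip": "10.10.22.2"},
    "C": {"lan": "192.168.33.0/24", "tunnel": "10.10.23.0/30", "hub_ip": "10.10.23.2"},
}
# Tunnel networks exactly as listed for Site B and Site C in the first post.
FIRST_POST_TUNNELS = {
    "B": {"tunnel": "10.10.22.0/30"},
    "C": {"tunnel": "10.10.22.0/30"},
}

def overlapping_tunnels(spokes):
    """Return pairs of spoke names whose tunnel networks overlap."""
    nets = {n: ipaddress.ip_network(s["tunnel"]) for n, s in spokes.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def spoke_routes(spokes):
    """For each spoke, list (destination LAN, gateway) for every other spoke's LAN.

    The gateway is the hub's address inside that spoke's own tunnel, so all
    spoke-to-spoke traffic transits Site A.
    """
    routes = {}
    for name, site in spokes.items():
        tunnel = ipaddress.ip_network(site["tunnel"])
        gw = ipaddress.ip_address(site["hub_ip"])
        # A usable gateway must be a host address of the tunnel, not the
        # network or broadcast address.
        if gw not in list(tunnel.hosts()):
            raise ValueError(f"{gw} is not a host address in {tunnel}")
        routes[name] = [(other["lan"], site["hub_ip"])
                        for other_name, other in sorted(spokes.items())
                        if other_name != name]
    return routes

if __name__ == "__main__":
    print("overlaps (reply plan):", overlapping_tunnels(SPOKES))
    print("overlaps (first post):", overlapping_tunnels(FIRST_POST_TUNNELS))
    for site, entries in spoke_routes(SPOKES).items():
        for lan, gw in entries:
            print(f"Site {site}: route {lan} via {gw}")
```
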
Title: Re: Multi Site VPN and routing to each site without CSO
Post by: samnet on September 28, 2020, 01:37:15 pm
> Hi Samnet,
>
> You need to assign an interface to OVPN clients B and C, and then set static routes accordingly.
> Also, you need to correct your tunnel configuration.
> You have configured an S2S as a multi-client network.
>
> I.E.
>
> Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
> Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)
>
> And check the rules on OVPN tab
>
> Regards

Did really get you on this
Do I need to do a static route?
I have managed to get it working by inserting the remote network on each site.
Would this be OK?
Also, what gateway do you mean?

Title: Re: Multi Site VPN and routing to each site without CSO
Post by: mimugmail on September 28, 2020, 01:47:12 pm
Why not use CSO? It works flawlessly with CSOs.