OPNsense Forum

English Forums => Documentation and Translation => Topic started by: Gauss23 on December 08, 2020, 07:37:50 pm

Title: OpenVPN site-2-site documentation is missing something
Post by: Gauss23 on December 08, 2020, 07:37:50 pm
Edit: just found: https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html

which shows the client-specific override section. It seems as if this is only needed if you use the SSL/TLS mode of OpenVPN. Maybe that should be noted. Now I know the difference :)

____

Hi,

I'm referring to this page:
https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html

For an OpenVPN site-2-site tunnel the documentation is missing the note that you need a client-specific override on the server side. You configure the remote network twice: once in the main server config (all remote networks from clients connecting to that server are added there) and a second time in a client-specific override, where the remote network(s) from that client (mapped through the common name) are listed again. Otherwise you'll see a route in the system routing table but no traffic will be reaching its target, because the OpenVPN daemon won't know to which client this network belongs and will discard the packet.
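
A check for the situation described in the post above, added here as an example and not part of the original post or of OPNsense: it reports server-side routes that no client-specific override claims. It assumes the two "remote network" settings end up as OpenVPN's `route` directive in the server config and `iroute` in the per-common-name override; the sample config, common names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample input (not taken from the forum post).
SERVER_CONF = """\
mode server
tls-server
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
"""
# Client-specific overrides, keyed by certificate common name (constructed).
CCD = {
    "site-b": "iroute 192.168.2.0 255.255.255.0\n",
    "site-c": "# override exists but lists no remote network\n",
}


def parse_networks(text, directive):
    """Return the IPv4 networks named by `directive` lines (route or iroute).

    Only literal IPv4 addresses are handled, not hostnames or keywords.
    """
    nets = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == directive:
            # Both directives default to a host mask when none is given.
            mask = fields[2] if len(fields) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
    return nets


def unowned_routes(server_conf, ccd):
    """Server routes that no client override fully covers with an iroute."""
    claimed = [net for text in ccd.values() for net in parse_networks(text, "iroute")]
    return [route for route in parse_networks(server_conf, "route")
            if not any(route.subnet_of(owner) for owner in claimed)]


if __name__ == "__main__":
    for net in unowned_routes(SERVER_CONF, CCD):
        print(f"route {net} has no matching iroute; the daemon will drop its packets")
```

With the sample input it flags 192.168.3.0/24: the kernel route exists, but no common name is mapped to that network.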