Messages - echoxxzz

#1
Thanks for the great answers. I will break up my DNS server options.
#2
General Discussion / How to use DHCP options in Dnsmasq?
February 11, 2026, 04:31:40 AM
The DHCP options settings interface in Dnsmasq is a tad confusing.

You can select both a DHCP4 option and a DHCP6 option, but there is only one place to set a value. So which option does the value apply to?

For example, if I want to set the DNS servers, I would pick Option4 dns-server[6] and Option6 dns-server[23], but what value do I put? Is it the IPv4 DNS server, then a colon, and then the IPv6 DNS servers?

If, on the other hand, you should only pick one Option type at a time, someone should redesign the interface to make this a little more intuitive.
#3
OMG I finally got it working!!

I entered the certificate's Description, not its CN, in the client specific override. Once I fixed this it all started working.

I'm still not used to subnet topology (all my configs use net30) so I will need to do some more reading to get my head around what exactly is going on here.

jaj1105, if you followed the example in the OPNsense documentation, I am pretty certain you have the same problem. You need to either fix the CSO or create one if you didn't.
#4
It's definitely something in the way OPNsense is creating the server VPN conf file, because I copied my configs that I wrote by hand that I use on OpenWRT to each OPNsense server and it works perfectly, and I can now ping devices in the client network from the server network.
#5
I tried the advice of using the packet capture.

I logged into the server via SSH and tried to ping the client VPN's LAN interface. I see the ICMP packet leaving the server on the ovpns1 interface, but on the client VPN I never see it arrive on the ovpnc1 interface.

If I log into the client VPN firewall via SSH and I ping the server VPN LAN interface, I see the icmp-request and icmp-reply packets on both firewalls.

Is something broken in OpenVPN????
#6
I have the exact same problem.

I disabled the firewall packet inspection on both firewalls to rule out that it's a firewall rule and that didn't help.

If the client VPN can ping the server VPN LAN interface, then the routes have to be correct, or else the server would not have the correct route to reply back to the client.

There is nothing in any firewall log or any log for that matter indicating why traffic going to the client site is being blocked.

I have never had an issue setting up OpenVPN site to site VPNs on other platforms but on those platforms I'm not locked into a GUI interface.