Topic: OpenVPN Site-2-Site issue (Read 1960 times)
mauro2319
OpenVPN Site-2-Site issue « on: May 17, 2021, 08:15:54 am »
Hello everyone,
I have been an OPNsense user for a bit more than a year now, and I am facing an issue with an OpenVPN site-2-site configuration. Basically, I manage the IT of 2 different companies, one belonging to my godfather and the other to a friend, for which I would like to establish a permanent OpenVPN tunnel from my OPNsense to theirs. I didn't set up both OpenVPN configurations exactly the same way: one is made with an SSL/TLS certificate and the other with a shared key.
I managed to configure the one with the shared key without an issue; all my local computers can ping any of the workstations at the company site. But with the SSL/TLS one, my OPNsense GW can ping everything there and the link is up and running, but none of my local computers can ping anything there.
Of course I managed to run different subnets on the 3 networks, and 3 different tunnel subnets as well.
Using an OpenVPN client instead works fine; once the connection is established I can ping everything there without an issue.
In the log, I see a message that OpenVPN failed to set up routes, but when I try to do so manually, I get an OK from the command, yet I still cannot ping distant machines from a local workstation at my home.
Here are some log entries from initiating the connection to the failing OpenVPN instance:
2021-05-17T08:14:09 openvpn[59920] Initialization Sequence Completed
2021-05-17T08:14:09 openvpn[59920] ERROR: FreeBSD route add command failed: external program exited with error status: 1
2021-05-17T08:14:08 openvpn[59920] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc3 1500 1553 10.0.18.6 10.0.18.5 init
2021-05-17T08:14:08 openvpn[59920] /sbin/ifconfig ovpnc3 10.0.18.6 10.0.18.5 mtu 1500 netmask 255.255.255.255 up
2021-05-17T08:14:08 openvpn[59920] TUN/TAP device /dev/tun3 opened
2021-05-17T08:14:08 openvpn[59920] TUN/TAP device ovpnc3 exists previously, keep at program end
2021-05-17T08:14:07 openvpn[59920] [OpenVPN-Immo server certificate] Peer Connection Initiated with [AF_INET]*.*.*.*:1194 (via [AF_INET]*.*.*.*%)
2021-05-17T08:14:07 openvpn[59920] WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-05-17T08:14:07 openvpn[59920] UDP link remote: [AF_INET]*.*.*.*:1194
2021-05-17T08:14:07 openvpn[59920] UDP link local: (not bound)
2021-05-17T08:14:07 openvpn[59920] TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
2021-05-17T08:14:07 openvpn[59920] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-05-17T08:14:07 openvpn[59920] WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-05-17T08:14:07 openvpn[59920] WARNING: using --pull/--client and --ifconfig together is probably not what you want
2021-05-17T08:14:07 openvpn[43881] library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-05-17T08:14:07 openvpn[43881] OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 25 2021
2021-05-17T08:14:07 openvpn[43881] WARNING: file '/var/etc/openvpn/client3.up' is group or others accessible
Thanks in advance for your help.
« Last Edit: May 17, 2021, 08:54:23 am by mauro2319 »
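Added example, not part of the original post and not OPNsense or OpenVPN code: a small Python triage of the log lines quoted in the post above, separating the security warnings (no server certificate verification, accessible file, password caching, script-security) from the route failure. The rule table, categories and hints are this example's own assumptions; the sample lines are copied from the post.

```python
import re

# Log lines copied from the post above (newest first, as the forum shows them).
SAMPLE = """\
2021-05-17T08:14:09 openvpn[59920] ERROR: FreeBSD route add command failed: external program exited with error status: 1
2021-05-17T08:14:08 openvpn[59920] TUN/TAP device /dev/tun3 opened
2021-05-17T08:14:07 openvpn[59920] WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-05-17T08:14:07 openvpn[59920] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-05-17T08:14:07 openvpn[59920] WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-05-17T08:14:07 openvpn[59920] WARNING: using --pull/--client and --ifconfig together is probably not what you want
2021-05-17T08:14:07 openvpn[43881] WARNING: file '/var/etc/openvpn/client3.up' is group or others accessible
"""
# (pattern, category, hint): categories and hints are this example's own notes.
RULES = [
    (r"No server certificate verification method has been enabled", "security",
     "server certificate is not checked; set remote-cert-tls server or verify-x509-name"),
    (r"file '([^']+)' is group or others accessible", "security",
     "restrict the named file to owner read/write only"),
    (r"may cache passwords in memory", "security",
     "add auth-nocache"),
    (r"--script-security setting may allow", "security",
     "review which scripts this instance is allowed to call"),
    (r"route add command failed", "routing",
     "OpenVPN did not install a route; check netstat -rn for an existing or conflicting entry"),
    (r"using --pull/--client and --ifconfig together", "config",
     "client mode combined with a static ifconfig; confirm the intended tunnel settings"),
]
LINE = re.compile(r"^(\S+) openvpn\[(\d+)\] (.*)$")

def triage(log_text):
    """Return one finding per matching log line, sorted by timestamp."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn log line
        ts, pid, msg = m.groups()
        for pattern, category, hint in RULES:
            hit = re.search(pattern, msg)
            if hit:  # detail = captured file path if any, else the matched text
                findings.append({"time": ts, "pid": int(pid), "category": category,
                                 "detail": hit.group(hit.lastindex or 0), "hint": hint})
                break
    return sorted(findings, key=lambda f: f["time"])

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} [{f['category']}] {f['detail']} -> {f['hint']}")
```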
mauro2319
Re: OpenVPN Site-2-Site issue « Reply #1 on: May 21, 2021, 07:05:50 pm »
Nobody has a clue for me?
Thanks
mauro2319
Re: OpenVPN Site-2-Site issue « Reply #2 on: May 25, 2021, 09:45:56 pm »
Last try, hope to get some help here, thanks everyone.
mauro2319
Re: OpenVPN Site-2-Site issue « Reply #3 on: June 06, 2021, 05:55:23 am »
Hi all,
I just wanted to give an update. I created another connection on the remote server with shared key only instead of certificate exchange, and this one is working.
I am not sure why it isn't working with certificate exchange, and I don't really know where to look. If someone has an idea ...