Multi Site VPN and routing to each site without CSO

samnet · September 24, 2020, 09:41:27 AM

Dear All
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:

Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)

Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site B and C can ping and connect to Site A and vice versa.

but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?

teknoadmin · September 25, 2020, 01:13:51 PM

Hi Samnet,

you need to assign an interface to ovpn client B and C, and then set static routes accordingly.
Also, you need to correct your tunnels configuration.
You have configured a S2S as a multi client network.

I.E.

Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)

And check the rules on OVPN tab

Regards

samnet · September 28, 2020, 01:37:15 PM

Quote from: teknoadmin on September 25, 2020, 01:13:51 PM
Hi Samnet,

you need to assign an interface to ovpn client B and C, and then set static routes accordingly.
Also, you need to correct your tunnels configuration.
You have configured a S2S as a multi client network.

I.E.

Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)

And check the rules on OVPN tab

Regards

Did really get you on this
Do I need to do static route?
8 have managed to get it working by inserting remote network on each site
Would this be ok?
Also what gateway do mean?

mimugmail · September 28, 2020, 01:47:12 PM

Why not using CSO? It works flawless with CSOs

Multi Site VPN and routing to each site without CSO

samnet

September 24, 2020, 09:41:27 AM

teknoadmin

September 25, 2020, 01:13:51 PM #1

samnet

September 28, 2020, 01:37:15 PM #2

mimugmail

September 28, 2020, 01:47:12 PM #3