
Topic: Bi-Directional Access and 3 way (SOLVED)


Shatty
Bi-Directional Access and 3 way (SOLVED)
« on: January 02, 2018, 10:39:45 pm »
Hi guys... new user here... 1st post.

I searched the forums for the answer and every situation is different. I have a 3 site setup that is kind of working.

Master site (server site) 192.168.1.0 (pfSense 192.168.1.1) OpenVPN server

Remote site A 192.168.2.0 (Asus Merlin 192.168.2.1) OpenVPN client

Remote site B 192.168.3.0 (Asus Merlin 192.168.3.1) OpenVPN client

VPN net 192.168.100.0

I can access the server side from any of the remote sites, but I can't access the remote side from the server side. So it looks like the routing is working on the remote sites but not on the server site. How do I make this happen? It looks like I have to add something in the pfSense config somewhere, but I can't figure it out. After I get this working, I would then be looking to get all nets talking to each other, with the remote sites talking to each other. Not necessary now, but in the future I would like the remote sites to talk to each other.

« Last Edit: January 06, 2018, 05:22:33 pm by Shatty »

Shatty
Re: Bi-Directional Access
« Reply #1 on: January 05, 2018, 11:01:40 am »
Anyone?

viragomann
Re: Bi-Directional Access
« Reply #2 on: January 05, 2018, 02:18:02 pm »
You have to set up a client specific override for each client. This only works with SSL Auth.

At "Common Name" enter the common name you've set in the client's certificate. At "IPv4 Local Network/s" enter the LAN network behind the server and the LAN behind the respective other client; in the "IPv4 Remote Network/s" box enter the LAN network behind the client in question. All networks in CIDR notation and comma separated.
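As an added illustration of what the override fields above actually do (this is example code, not part of the thread and not pfSense's own code), the script below builds the "IPv4 Local Network/s" and "IPv4 Remote Network/s" values for each client in the three-site layout from the first post, shows the OpenVPN `iroute` / `push "route"` / `route` directives those fields become, and checks that every site ends up with a route to every other LAN. The common names `siteA` and `siteB` are assumptions; the thread never shows the certificate CNs. The reachability model covers routes only: firewall rules on the OpenVPN interface and any NAT on the client routers are outside it.

```python
"""
Added example (not code from the thread or from pfSense): derive the
client-specific override (CSO) fields for each OpenVPN client in the
three-site layout above, show the OpenVPN directives pfSense turns them
into, and check that the result gives every site a route to every other.
"""
import ipaddress

# Constructed from the thread: the server LAN and the two remote-site LANs.
SERVER_LAN = "192.168.1.0/24"
# The certificate common names are assumptions; the thread never shows them.
CLIENT_LANS = {"siteA": "192.168.2.0/24", "siteB": "192.168.3.0/24"}


def to_openvpn(cidr):
    """'192.168.2.0/24' -> '192.168.2.0 255.255.255.0' (OpenVPN route syntax)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def cso_fields(cn, server_lan=SERVER_LAN, client_lans=CLIENT_LANS):
    """(local_networks, remote_networks) for the CSO of client `cn`, as the
    comma-separated CIDR strings the pfSense GUI fields expect.
    Local  = server LAN plus every *other* client's LAN, pushed to this client.
    Remote = this client's own LAN, so the server knows which session owns it."""
    others = [net for name, net in client_lans.items() if name != cn]
    return ",".join([server_lan] + others), client_lans[cn]


def all_overrides(server_lan=SERVER_LAN, client_lans=CLIENT_LANS):
    """One CSO per client, keyed by common name."""
    return {cn: cso_fields(cn, server_lan, client_lans) for cn in client_lans}


def ccd_directives(local, remote):
    """The per-client ccd lines OpenVPN applies from a CSO: `iroute` for each
    remote network, `push "route ..."` for each local network."""
    lines = [f"iroute {to_openvpn(n)}" for n in remote.split(",")]
    return lines + [f'push "route {to_openvpn(n)}"' for n in local.split(",")]


def server_routes(server_remote_nets):
    """Kernel routes from the server's own 'IPv4 Remote Network/s' field.
    Without these, packets from the server LAN never enter the tunnel, which
    is the one-way symptom in the original post."""
    return [f"route {to_openvpn(n)}" for n in server_remote_nets.split(",") if n]


def unreachable(overrides, server_remote_nets, server_lan=SERVER_LAN,
                client_lans=CLIENT_LANS):
    """Model routes only (firewall rules and NAT are outside the model):
    return sorted (from_site, to_lan) pairs that lack a usable route.
    The server needs both a kernel route (server_remote_nets) and an iroute
    (some CSO's remote field) for a client LAN; a client needs the LAN
    pushed to it by its own CSO."""
    missing = []
    iroutes = {n for _, remote in overrides.values() for n in remote.split(",")}
    kernel = set(server_remote_nets.split(",")) - {""}
    for net in client_lans.values():
        if net not in iroutes or net not in kernel:
            missing.append(("server", net))
    for cn, own in client_lans.items():
        pushed = set(overrides.get(cn, ("", ""))[0].split(",")) - {""}
        for net in [server_lan, *client_lans.values()]:
            if net != own and net not in pushed:
                missing.append((cn, net))
    return sorted(missing)


if __name__ == "__main__":
    print("before overrides, missing:", unreachable({}, ""))  # original post's state
    cso = all_overrides()
    remote_nets = ",".join(CLIENT_LANS.values())
    for cn, (local, remote) in cso.items():
        print(f"CSO {cn}: local={local} remote={remote}")
        print("\n".join("  " + line for line in ccd_directives(local, remote)))
    print("\n".join(server_routes(remote_nets)))
    print("after overrides, missing:", unreachable(cso, remote_nets))
```

Run without arguments: the first line lists the six missing routes of the original one-way setup, and the last line is empty once each client has its override and the server's own "IPv4 Remote Network/s" field lists both client LANs. Traffic between the two remote sites still passes through the pfSense box, so the firewall rules on its OpenVPN interface have to permit it as well.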

Shatty
Re: Bi-Directional Access
« Reply #3 on: January 06, 2018, 05:21:38 pm »
Quote from: viragomann on January 05, 2018, 02:18:02 pm
You have to set up a client specific override for each client. This only works with SSL Auth.

At "Common Name" enter the common name you've set in the client's certificate. At "IPv4 Local Network/s" enter the LAN network behind the server and the LAN behind the respective other client; in the "IPv4 Remote Network/s" box enter the LAN network behind the client in question. All networks in CIDR notation and comma separated.

YOU ARE A LIFE SAVER!! All I did was change to peer-to-peer SSL/TLS, add the net info into remote nets, and add the client specific entries. And it worked! A to B, B to C, and A to C. 3 Way VPN! Thanks brother!!