Opnevpn cliente e site to site

viragomann

@miami71it said in Opnevpn cliente e site to site:

on the pfsense server 192.168.2.252 (where you connect with the client) there is the tunnel 192.168.222.0/24 and then there is the local network 192.168.2.0/24 which is the local network of the pfsense if I put that remote then the local no longer works

Nice. But I suggested you to add 192.168.111.0/24.

remotely there is another server which is 192.168.3.250 and it works fine, and the configuration is the same

Oh, that's a total new network. You didn't mention above.

the strange thing is that if I pin server 192.168.111.250 from server 192.168.2.250 it works, if instead I connect with opevpn client to site from an external office it doesn't work

This seems not strange to me, this let me assume that you're missing routes. And therefor I requested you to do some additional settings.

miami71it

@viragomann where do you tell me to add 192.168.111.250/32 there is currently written 192.168.2.0/24, can you add both? or a single network?

sorry I didn't write about another remote server as I thought it was not relevant, basically there are two remote networks, one works and one doesn't.

the configurations are identical only obviously the ip address and the tunnel changes

viragomann

@miami71it said in Opnevpn cliente e site to site:

where do you tell me to add 192.168.111.250/32 there is currently written 192.168.2.0/24, can you add both? or a single network?

Yes, the networks have to be in CIDR notation and comma separated. Should look like this line:

192.168.2.0/24,192.168.111.250/32

miami71it

@viragomann .it doesn't work from this error

The following input errors were detected:

The field 'IPv4 Tunnel Network' must contain a single valid ipv4 CIDR range.

viragomann

@miami71it
So what did you try to enter, dude?
The line what I suggested should work at all.

miami71it

@viragomann ok I inserted it, I restarted the service but the problem remains I connect to the VPN remotely and the server 192.168.111.250 does not pin it and I do not reach it

other ideas?

viragomann

@miami71it
Okay, for deeper investigation, please post the IPv4 Routing tables of both pfSense (Diagnostics > Routes) and of the client, also the firewall rules of the VPN interfaces and content of Status > Interfaces.

miami71it

@viragomann I am attaching a word document with the info yoPFSENSE.zip u requested

viragomann

@miami71it
So at the remote site (192.168.111.252) you're still missing the entries, which I suggested to add above.

In the OpenVPN peer-to-peer client the "IPv4 Remote Networks" box has to look like this

192.168.2.0/24,192.168.3.0/24,192.168.222.0/24

However, the routing table on 192.168.2.252 look somewhat odd. You should probably reboot the machine.

miami71it

@viragomann perfect now with your directions it works great

I THANK YOU

Li Laura

This post is deleted!