PC1 -> pfSense 1 <- site tunnel -> pfSense 2 <- PC2
-
Hello,
I have an OpenVPN connection between PC1 and network 10.10.0.0/24. I can access this network without problems.
I have a site-2-site tunnel from 10.10.0.0/24 to 10.21.0.0/24. Machines on the 10.10.0.0/24 network can access 10.21.0.0/24 and vice versa. The diagnostics/ping can ping any PC across the tunnel on the LAN interface. The problem is that PC1 does not have access through this tunnel. I suppose this is a routing issue. I have tried adding the following custom options to the VPN, but it doesn't help.
push "route 10.21.0.0 255.255.255.0"; <- this is pushed fine to the client. The Windows routing table has a reference for 10.21.0.0/24
route "10.21.0.0 255.255.255.0"; <-- I think the problem is that the traffic is not routed properly on pfSense 1. What am I doing wrong?
-
Why does everyone assume if something doesn't work it's pfSense's fault?
What subnet do you use for your roadwarriors?
I hope you created a route entry in the config of the site-to-site for the roadwarrior-subnet as well.
If not, you can reach the 10.21.0.0/24 subnet from the roadwarrior, but the answer never gets back because no route exists.
-
Where would I add that route? In the static routes?
-
Where would I add that route? In the static routes?
No in the config of the site-to-site OpenVPN tunnel on the 10.21.0.0/24 side.
For the site-to-site tunnel to work you had to add a route command for the subnet on the other side of the tunnel.
Just do the same again for the roadwarrior-subnet.
-
Yes that worked. I tried using "push" on the site2site server but that didn't work (the route wasn't added).
-
Pushes only work for PKIs where the connecting clients receive their configuration from the server.
In a site-to-site setup the whole config comes from the local config-file.
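As an added illustration of the fix described in the replies above (this is an example written for this page, not configuration posted by anyone in the thread), the relevant OpenVPN directives on both pfSense boxes are shown below. The roadwarrior tunnel subnet 10.8.0.0/24 is an assumed placeholder, since the thread never states it; substitute the tunnel network of your own roadwarrior server. Everything else (remote peer, keys, ports) is omitted and marked as such.

```conf
# --- pfSense 2 (10.21.0.0/24 side): site-to-site tunnel config ---
# Added example; not the thread's own config. Existing settings such as
# remote, port, secret/PKI and ifconfig are omitted here.
dev tun

# Route for the LAN behind pfSense 1. This is the "route command" the
# reply refers to; the site-to-site tunnel already needs it.
route 10.10.0.0 255.255.255.0

# Route for the roadwarrior subnet behind pfSense 1 (10.8.0.0/24 is an
# assumed placeholder). Without it, PC1's packets reach 10.21.0.0/24 but
# the replies leave via pfSense 2's default gateway and never come back.
route 10.8.0.0 255.255.255.0

# --- pfSense 1 (10.10.0.0/24 side): site-to-site tunnel config ---
# Mirror image: the LAN behind pfSense 2. The roadwarrior subnet is local
# to this box, so no route for it is needed here.
route 10.21.0.0 255.255.255.0

# --- pfSense 1: roadwarrior server config (custom options) ---
# Here "push" is correct, because the roadwarrior client is a PKI client
# that takes its routes from the server. This is what the original poster
# already had and what puts 10.21.0.0/24 into PC1's routing table.
push "route 10.21.0.0 255.255.255.0"
```

The asymmetry is the point: `push` hands a route to a client that pulls its configuration, while a site-to-site peer only reads its own local file, so the roadwarrior subnet has to appear as a plain `route` line on the far end. In the pfSense GUI the same `route` lines are generated from the tunnel's Remote Network(s) field, and the result can be checked under Diagnostics > Routes on pfSense 2, where the roadwarrior subnet should show up on the OpenVPN interface.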