Site to Site OpenVPN on PFsense 22.05
-
Hi,
I'm trying to set up a site-to-site VPN (peer-to-peer SSL/TLS).
The VPN tunnel seems to work fine, but there is no traffic going through, and I've noticed some weird behavior that I don't understand.
The subnet of the tunnel is 192.168.70.0/24
Client LAN network: 192.168.10.0/24 (this needs to access the server LAN)
Server LAN network: 192.168.0.0/24
This is a picture of the route on the server side of the VPN
192.168.70.1 pings here, but 192.168.70.2 does not.
The IP 192.168.70.2 is the client-side tunnel gateway.
As you can see, the routes to the networks point to 192.168.70.2, which doesn't ping.
Shouldn't they be pointing to 192.168.70.1? It would make more sense if the gateway of these subnets were actually the gateway of the server-side VPN tunnel, but I could be wrong.
And this is the client-side VPN routing table.
192.168.42.92 is my WAN internet IP and 192.168.42.129 is the gateway;
this can be ignored so far.
What I don't understand is that no subnet route is generated here, as it should be by the OpenVPN configuration, like we see on the server side, so how could it be possible for 192.168.10.0/24 to actually be routed into the tunnel?
And again, 192.168.70.2 pings fine here since it's the local gateway on the client side, but it is impossible to ping 192.168.70.1 from 192.168.70.2.
In this picture we can see the would-be route for the tunnel subnet 192.168.70.0/24,
but instead OpenVPN creates a broken route.
So any idea how to fix this? The routes are auto-generated by the UI configuration of OpenVPN and I can't find how to rewrite or fix the routes.
-
@nerigal First off, if it's a site-to-site you should be using a /30, or /31, for the tunnel. Change the tunnel address to 192.168.70.0/30.
Then, post screenshots of your OpenVPN config.
You probably have the local and remote networks sections populated incorrectly.
-
Interesting, in every demo I saw or procedure I read, it was all about /24 for the tunnel, but OK, let's try /30.
Here is my server-side tunnel config.
This is the client-side tunnel config.
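As an added illustration that is not part of this thread and not pfSense's generated configuration, the following is a hand-written OpenVPN peer-to-peer SSL/TLS pair using the /30 tunnel recommended in the reply above; certificate and key paths and the server's public address are placeholders. The point to notice is the `route` lines: with no gateway given, OpenVPN uses the far end of the `ifconfig` pair as the next hop, which is why the server's kernel route for the client LAN is expected to point at 192.168.70.2, and the client's route for the server LAN at 192.168.70.1.

```conf
# --- server side (pfSense box in front of 192.168.0.0/24) ---
dev tun
proto udp
port 1194
tls-server
ca /PLACEHOLDER/ca.crt
cert /PLACEHOLDER/server.crt
key /PLACEHOLDER/server.key
dh /PLACEHOLDER/dh.pem
tls-auth /PLACEHOLDER/ta.key 0
# /30 tunnel: this end is 192.168.70.1, the peer is 192.168.70.2
ifconfig 192.168.70.1 192.168.70.2
# "Remote network" in the UI: send the client LAN into the tunnel.
# No gateway argument, so the next hop defaults to the ifconfig
# remote endpoint, 192.168.70.2 (assumed OpenVPN default behaviour).
route 192.168.10.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
verb 3

# --- client side (pfSense box in front of 192.168.10.0/24) ---
dev tun
proto udp
remote SERVER_PUBLIC_IP_PLACEHOLDER 1194
tls-client
remote-cert-tls server
ca /PLACEHOLDER/ca.crt
cert /PLACEHOLDER/client.crt
key /PLACEHOLDER/client.key
tls-auth /PLACEHOLDER/ta.key 1
# mirror image of the server's ifconfig
ifconfig 192.168.70.2 192.168.70.1
# "Remote network" on the client: the server LAN, next hop 192.168.70.1
route 192.168.0.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
verb 3
```

The first check on either side is whether the peer's tunnel address answers ping (192.168.70.1 from 192.168.70.2 and back); until it does, the LAN routes cannot work because their next hop is unreachable. On pfSense, traffic arriving through the tunnel also has to be passed by firewall rules on the OpenVPN interface on both boxes.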