Site-to-site OpenVPN: server LAN reachable from client LAN

lucaset256

Hi there,

I'm struggling with a site to site configuration which has been set as follows:

Server OpenVPN (running on Ubuntu) (Switzerland)
Client OpenVPN Pfsense (Italy)

The connection between those 2 is up and running

I can ping: the OVPN server and every single client on server side on LAN(192.168.1.0/1) from my pfSense diagnostic ping tool --> but only if pinging from WAN or OVPN INTERFACE

I can't ping any server-side clients where pinging from LAN, nor the OVPN server itself: 100% packet loss.

What am I doing wrong?
Diagramma senza titolo.drawio.png

pfsense static route:
Schermata 2022-12-26 alle 14.07.56.png

pfsense tunnel remote IP
Schermata 2022-12-26 alle 13.57.47.png

pfsense ping from OVPN INTERFACE (leaving default the pinging source, I have successful ping as well)
Schermata 2022-12-26 alle 13.58.39.png

pfsense ping from LAN
Schermata 2022-12-26 alle 13.59.33.png

traceroute, this is interesting:
Schermata 2022-12-26 alle 14.02.36.png

Pinging the server side router (192.168.1.1) from "Any" source, I get a new tunneling IP: 10.0.12.129 (?)

OVPN SERVER
Schermata 2022-12-26 alle 14.04.37.png

any hints?

Jarhead

@lucaset256 Make the tunnel a /30 or /31.

lucaset256

@jarhead problem solved, I was missing some static routes on both the routers...

I opened a new topic here since I now have different issues with rules and interface.
Thank you