Routing issue communicating over Site to Site VPN
-
@viragomann Where would I do this? Within the 'Advanced' settings?
-
@viragomann Thank you - I have just made the change on the CSO, I've set 10.10.100.2/24 (and also tried 10.10.100.2/32), however, I am still having issues pinging from Site A to Site B.
EDIT: It is worth noting that the client is getting an IP address.
-
@alasdair
It's pretty essential that the client gets a certain IP for routing at all.
Did he even get the IP you stated? Do you see the client's IP as gateway in the routing table for the remote network without having any static route set for it?
-
@viragomann The client gets an IP, even if I set the Tunnel network of the CSO to 10.10.100.0/24. The IP the client gets is 10.10.100.2.
If I remove all of the static routes at both sides, yes, the routes appear correctly in the routing table.
-
@alasdair said in Routing issue communicating over Site to Site VPN:
The client gets an IP, even if I set the Tunnel network of the CSO to 10.10.100.0/24. The IP the client gets is 10.10.100.2
As mentioned, you need to state a certain IP out of the tunnel, not the tunnel network itself, for proper routing to the remote site. Otherwise we won't get any step beyond.
I assume with that setting you can ping any remote interface IP of pfSense which is included in the "Remote networks"?
But you cannot access other devices at the remote site?
-
@viragomann To confirm, the 'IPv4 Tunnel Network' in the CSO, should be an IP outside of the tunnel? For example, 10.2.1.5?
From Diagnostics -> Ping, I get the following:
(Above - Server VPN interface pinging client router IP and vice versa).
So, I have partial success with Interface to Interface. Site B's router IP (client) can ping Site A's router IP (server), however, it doesn't work the other way around. Between sites, I cannot ping Domain Controller A to Domain Controller B, and vice versa. Whereas, on the LANs, I can ping between the hosts.
Essentially, the only thing working at the moment is the Client interface, pinging Site A's router IP from Site B's VPN interface. No other networking is working.
-
@alasdair said in Routing issue communicating over Site to Site VPN:
To confirm, the 'IPv4 Tunnel Network' in the CSO, should be an IP outside of the tunnel? For example, 10.2.1.5?
It has to be within the server's tunnel network and must be stated in CIDR, e.g. 10.10.10.36/32.
-
@viragomann I have set it to 10.10.100.3/32, and this has not worked.
EDIT: After setting the CSO tunnel IP to the above, the client is not getting the correct IP. It's still getting 10.10.100.2, even after restarting services at both ends.
-
@viragomann I have fixed it!
I reconfigured the tunnel to be /30 (the error I was getting before was that 'allow duplicate connections' was enabled, and it failed to start due to this). I can now communicate between Site A and Site B.
Thank you for your patience whilst I troubleshot this.