VPN tunnel up but no traffic get routed

hhjohan

Hi, I have been struggling with this for way to many hours and my ideas are running out. I get the feeling I miss something but I can't find what.
I have a point to point tunnel set up and it connects fine, but I can't get traffic thru as supposed.
On the client end i can from pfsense ping my network interface on the remote pfsense if I select the VPN tunnel as source, any other interface can't.
From the remote pfsense I can't ping the local interface ip at all.
To me that sounds like an issue with routing or rules, but as far as I can see I can find the problem.

In openvpn log i get this:
Aug 30 09:12:13 openvpn 90100 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Aug 30 09:12:13 openvpn 90100 /sbin/route add -net 192.168.2.0 192.168.113.1 255.255.255.0
Aug 30 09:12:13 openvpn 90100 /sbin/route add -net 192.168.2.0 192.168.113.1 255.255.255.0
Aug 30 09:12:13 openvpn 90100 /usr/local/sbin/ovpn-linkup ovpnc1 1500 0 192.168.113.2 255.255.255.0 init
Aug 30 09:12:13 openvpn 90100 /sbin/ifconfig ovpnc1 192.168.113.2/24 mtu 1500 up

but the routes seems to be generated anyway, maybe related to the double route add commands, but I have no idea whey it get doubled.

This is my routing table:
Skärmbild (19).png

and this is my rules:
Skärmbild (20).png
Skärmbild (21).png

Inputs are highly appreciated as I am running out of hair on my head...

Rico

Your OpenVPN group tab is only allowing incoming TCP traffic.

-Rico

hhjohan

@Rico I didn't really understand your answer, did you see something wrong or was it just information?
I have another vpn tunnel towards the same server side which works fine, the rules on the OpenVPN interfaces look identical.

But you got my eye on the protocol allowed, changed to "all" but didn't solve the problem with ping from remote side

hhjohan

192.168.2.1 is the address on my remote pfsense interface that I try to ping from client pfsense.

Stef93

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html
I suggest re-reading the instructions) 90% of all answers to questions can be seen there.
For example, you have not added a new interface with openvpn (interfaces > Interface Assignments

After added and applied, be sure to restart openvpn

hhjohan

@Stef93 Turned out that I have missed to add a Client Specific Override, but couldn't get it to work anyway.
Reading a bit more on Client Specific Override I found out that changing the tunnel network from /24 to /30 didn't need any override and then I got it working.
Thanks, you lead me to the solution!