Site to site routing bug

johbra

I've been trying to set up a site to site OpenVPN connection and I think i stumbeled something that just isn't right :)

The thing is that this works
LAN 192.168.110.0/24 <-> tunnel network 10.82.234.0/30 <-> LAN 10.82.222.0/24
When the tunnel is setup this way, I can ping from a computer in one LAN subnet to a computer in the other LAN subnet.

But this doesen't
LAN 192.168.111.0/28 <-> tunnel network 10.82.234.0/30 <-> LAN 10.82.222.0/24
When the tunnel is setup this way I can't ping. Just as before I am pinging from a computer in one LAN subnet to a computer in the other LAN subnet (one computer/subnet has changed).

The situation is

• Both end of the tunnel is running pfSense 2.0 release.
• We have looked at the firewall logs. The traffic isn't being blocked.
• We have looked at the routes in both ends of the tunnel and they look correct. They also look the same (except that one subnet has changed…) as the working example (when the 192.168.110/24 subnet is used).
• We have done a packet capture on the LAN interfaces and the OpenVPN interfaces of both ends of the tunnels. What we are seeing on both ends of the tunnel is that the traffic is passing through the LAN interfaces but not coming out through the OpenVPN interfaces.

Conclusion

1. There is something is wrong with the routing.
2. All settings are correct, something within pfSense isn't functioning correct?

Thats right…I blame anyone but my myself  ;)

heper

check if the routing is correct on both ends …

it can happen that one side is able to send traffic, but that the other side does not know how/where to return the replies