OpenVPN site to site
-
LAN A (OpenVPN server): 10.0.0.0/24
LAN B (OpenVPN client): 10.0.1.0/24
Tunnel address pool: 10.0.8.0/24
Setup: Running 4 VMs (2 instances of Windows Server 2008 and 2 instances of pfSense) on my Win7 host machine.
I set up my OpenVPN according to this guide: http://forum.pfsense.org/index.php/topic,48667.0.html
OpenVPN server >----> pfsenseRouter01 >----OpenVPN tunnel-----< pfsenseRouter02 ------ OpenVPN client
10.0.0.201/24 10.0.0.254/24 10.0.8.0/24 10.0.1.254/24 10.0.1.201/24
Status --> OpenVPN on both ends says connected to tunnel (10.0.8.6/24). Both server and client can ping the tunnel (10.0.8.6/24). Both pfSense VMs are set with a WAN and a LAN interface. WAN is configured to take a DHCP address from my host machine's local router (192.168.0.0/24). My host machine's default gateway is 192.168.0.1, and pfsenseRouter01 and pfsenseRouter02 can ping 192.168.0.1 and the respective clients on their LAN. However, I cannot ping outside the LAN. So the server on LAN A cannot ping the client on LAN B and vice versa. How can I set this up to be able to ping between LANs?
-
The config you describe should work. Here are a few standard things to check:
The Windows Server at each end (10.0.0.201 and 10.0.1.201) needs to have its default gateway pointing to its pfSense.
The local networks and remote network boxes on the OpenVPN server should be filled in with the LAN subnets at each end, 10.0.0.0/24 and 10.0.1.0/24 - that will make the necessary routes appear on pfSense at each end.
Firewall rules on LAN and OpenVPN at each end need to allow traffic for at least these subnets (for a test like this, start by having a pass all rule everywhere).
-
Hi phil.davis.
Thank you so much for responding. I'm at work but will check to see that everything is configured properly on the OS end. What I noticed is that if I use tracert from the server pointing to the client IP, the first hop is the pfSense router of the server, then I get request timed out forever. Both the client and server can ping the tunnel I set up for OpenVPN and both statuses show them as connected. Do I need to set up static routes or something?
Also, my WAN interface for the server and client show an IP of 192.168.0.1, which is my host machine's D-Link router. Should this be the WAN? Or should it be the DHCP address that my D-Link router assigns the pfSense routers to access the internet?
-
Use Diagnostics->Routes to see what routes are on each pfSense. If you have the local network and remote network in the OpenVPN config correct, then there should be routes on each box to the opposite LAN.
And yes, the WAN of each pfSense should be fine pointing to your D-Link router 192.168.0.1 - in your test environment, 192.168.0.0/24 is playing the role of the real internet.
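
The route check suggested above can be scripted. This is an added example, not part of the thread: the routing tables are constructed sample text in the style of `netstat -rn`, and the column layout and the `ovpns1`/`ovpnc1` interface names are assumptions that may differ on your pfSense version. Router A is deliberately missing its route to LAN B, which reproduces the tracert symptom (first hop is the pfSense, then timeouts, because the packet follows the default route out the WAN).

```python
import ipaddress

# Constructed routing tables (not taken from the thread).
# Router A lacks a route to 10.0.1.0/24; router B has one to 10.0.0.0/24.
ROUTER_A = """\
Destination        Gateway            Flags     Netif
default            192.168.0.1        UGS       em0
10.0.0.0/24        link#2             U         em1
10.0.8.0/24        10.0.8.2           UGS       ovpns1
192.168.0.0/24     link#1             U         em0
"""
ROUTER_B = """\
Destination        Gateway            Flags     Netif
default            192.168.0.1        UGS       em0
10.0.0.0/24        10.0.8.5           UGS       ovpnc1
10.0.1.0/24        link#2             U         em1
192.168.0.0/24     link#1             U         em0
"""

def parse_routes(text):
    """Return [(network, gateway, netif)] parsed from the table text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue  # skip header and blank/short lines
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False), fields[1], fields[3]))
    return routes

def lookup(routes, ip):
    """Longest-prefix match, the rule the router applies when forwarding."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def check_path(table_text, remote_host, tunnel_prefix="ovpn"):
    """Report whether traffic to remote_host leaves via an OpenVPN interface."""
    route = lookup(parse_routes(table_text), remote_host)
    if route is None:
        return (False, "no route")
    net, gw, netif = route
    return (netif.startswith(tunnel_prefix), f"{remote_host} -> {net} via {gw} on {netif}")

if __name__ == "__main__":
    print("A -> LAN B:", check_path(ROUTER_A, "10.0.1.201"))
    print("B -> LAN A:", check_path(ROUTER_B, "10.0.0.201"))
```

A `False` result on either side means that router has no tunnel route to the opposite LAN, so the remote network field in its OpenVPN config is the first thing to recheck.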