Open VPN Site-to-Site not routing from Clients
-
I have the Open VPN setup and working fine for individual computers that remotely connect. I am trying to get the VPN working so that all of the clients at a remote office can connect. The client router connects but the traffic will not route. I can log into the client-side pfSense box and ping devices on the main site fine, but clients at the remote site are not routing traffic over the VPN. Because it's working fine for individual computers to connect and it's working on the remote VPN, I am sure there is something simple I am missing. HELP!
Main office is 192.168.2.0/24 & 192.168.3.0/24
remote office is 192.168.0/24
Netstat -r on remote pfSense
Internet:
Destination         Gateway            Flags  Netif  Expire
default             XX-XX-1-XX.XX.wi   UGS    bge0
XX.XX.60.0/22       link#2             U      bge0
d14-69-162-62.try.  link#2             UHS    lo0
localhost           link#8             UH     lo0
192.168.1.0         link#3             U      bge1
pfSense             link#3             UHS    lo0
192.168.2.0         192.168.70.1       UGS    ovpnc1
192.168.3.0         192.168.70.1       UGS    ovpnc1
192.168.70.0        192.168.70.2       UGS    ovpnc1
192.168.70.1        link#10            UH     ovpnc1
192.168.70.2        link#10            UHS    lo0
Server Side Setup
The client side VPN is all default
Client Side Firewall
-
try filling in the tunnel network
-
I have tried it with the tunnel filled in, and I have tried it with adding the routes for the other network. Either way I can only ping the clients at the main site via the pfSense box and not from the clients at the remote site.
-
Is this a Shared key or SSL/TLS setup?
-
Shared key. Here is the log from the remote / client side when connecting. I can ssh into the remote box and once OpenVPN connects I can ping clients from both sides of the network, I just can not get the clients on the remote site to see the clients at the main office.
-
I just can not get the clients on the remote site to see the clients at the main office.
What do you mean? If you can ping from both sides, then there shouldn't be any issues (unless you allow ICMP, but block everything else).
If this is about "Windows neighborhood network": it doesn't route, it only broadcasts.
Set up proper DNS.
If you want to send broadcasts over your VPN you need a different type of setup: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
^^^^
Don't do it, broadcasts waste too much precious bandwidth.
-
I can ping / access the main site's LAN devices from the remote pfSense box. But NONE of the clients on the remote site can reach clients on the main site.
-
I can ping / access the main site's LAN devices from the remote pfSense box. But NONE of the clients on the remote site can reach clients on the main site.
What do you mean by "reach"? What are you trying to do?
-
What do you mean by "reach"?
Most likely "I'm pinging and the Windows firewall is silently blocking that…"
-
The clients that I am reaching are linux boxes and I can ping them fine from the remote pfSense box once the VPN connects. The clients at the remote site that are behind the connected pfSense box can not ping / reach clients on the other side at the main site.
-
Check the firewall rules on their respective LAN tabs.