Netgate Discussion Forum

    Open VPN Site-to-Site not routing from Clients

    • lawrencesystems

      I have the Open VPN setup and working fine for individual computers that remotely connect. I am trying to get the VPN working so that all of the clients at a remote office can connect. The client router connects but the traffic will not route. I can log into the client-side pfSense box and ping devices on the main site fine, but clients at the remote site are not routing traffic over the VPN. Because it's working fine for individual computers to connect and it's working on the remote VPN, I am sure there is something simple I am missing. HELP!

      Main office is 192.168.2.0/24 & 192.168.3.0/24
      remote office is 192.168.0/24

      Netstat -r on remote pfSense
      Internet:
      Destination         Gateway             Flags   Netif   Expire
      default             XX-XX-1-XX.XX.wi    UGS     bge0
      XX.XX.60.0/22       link#2              U       bge0
      d14-69-162-62.try.  link#2              UHS     lo0
      localhost           link#8              UH      lo0
      192.168.1.0         link#3              U       bge1
      pfSense             link#3              UHS     lo0
      192.168.2.0         192.168.70.1        UGS     ovpnc1
      192.168.3.0         192.168.70.1        UGS     ovpnc1
      192.168.70.0        192.168.70.2        UGS     ovpnc1
      192.168.70.1        link#10             UH      ovpnc1
      192.168.70.2        link#10             UHS     lo0

      Server Side Setup

      The client side VPN is all default

      Client Side Firewall

      • heper

        try filling in the tunnel network

        • lawrencesystems

          I have tried it with the tunnel filled in, I have tried it with adding the routes for the other network. Either way I can only ping the clients at the main site via the pfSense box and not from the clients at the remote site.

          • divsys

            Is this a Shared key or SSL/TLS setup?

            -jfp

            • lawrencesystems

              Shared key. Here is the log from the remote / client side when connecting. I can ssh into the remote box and once OpenVPN connects I can ping clients from both sides of the network, I just can not get the clients on the remote site to see the clients at the main office.

              • heper

                @lawrencesystems:

                I just can not get the clients on the remote site to see the clients at the main office.

                what do you mean? if you can ping from both sides, then there shouldn't be any issues (unless you allow icmp, but block everything else).

                if this is about "windows neighborhood network": it doesn't route, it only broadcasts.
                set up proper dns.

                if you want to send broadcasts over your vpn you need a different type of setup: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
                ^^^^
                don't do it, broadcasts waste too much precious bandwidth

                • lawrencesystems

                  I can ping / access the main site's LAN devices from the remote pfSense box. But NONE of the clients on the remote site can reach clients on the main site.

                  • Derelict LAYER 8 Netgate

                    @lawrencesystems:

                    I can ping / access the main site's LAN devices from the remote pfSense box. But NONE of the clients on the remote site can reach clients on the main site.

                    What do you mean by "reach"? What are you trying to do?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    • doktornotor Banned

                      @Derelict:

                      What do you mean by "reach"?

                      Most likely "I'm pinging and the Windows firewall is silently blocking that…"

                      • lawrencesystems

                        The clients that I am reaching are Linux boxes and I can ping them fine from the remote pfSense box once the VPN connects. The clients at the remote site that are behind the connected pfSense box can not ping / reach clients on the other side at the main site.

                        • heper

                          check fw rules on their respective LAN-tabs

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.