
    Site to Site plus remote user

    OpenVPN
    • cestes

      Hi

      I've built a network with the following:

      Main site:

      • LAN=192.168.0.0/24
      • OpenVPN Server1 to backup site
      • OpenVPN Server2 for remote users

      Backup site:

      • LAN=192.168.57.0/24
      • OpenVPN client connected to Main Site

      Remote User:

      • Linux machine using OpenVPN client

      Everything works, almost!  The two sites are essentially bridged; everything at MainSite can see everything at BackupSite, and vice versa.  Remote user connected to MainSite can see everything on the 192.168.0.0/24 LAN.

      However, I would like to have the remote user see everything in the 192.168.57.0/24 LAN as well.  I thought this was easy enough by adding that range into the "IPv4 Local Network/s" field under the tunnel settings, but no luck.

      I'm sure this is either a routing issue or a rule issue, but can't figure it out.  Any suggestions on where to look?

      I could set up a VPN server on the Remote Site, but would like to only have the user make one VPN connection.

      Thanks!

      • divsys

        You also need to tell the Backup Server how to reach the Remote User's network.
        When the Remote user connects to the Main site, they get a Tunnel IP address, NOT an IP from the Main site.

        Add the IP tunnel network of the Remote<->Main connection to the networks available to the Backup<->Main connection.

        -jfp
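
Added example, not part of divsys's post or of pfSense: a small route-table model of the three endpoints showing why the request reaches the backup LAN but the reply is lost until the backup site has a route for the remote-user tunnel network. The two LANs are from the thread; the tunnel networks (10.0.8.0/24, 10.0.9.0/24), the host addresses and all function names are assumptions.

```python
import ipaddress

# The two LANs come from the thread; everything marked "assumed" is constructed.
MAIN_LAN = "192.168.0.0/24"
BACKUP_LAN = "192.168.57.0/24"
S2S_TUNNEL = "10.0.8.0/24"      # assumed: Main <-> Backup tunnel network
USER_TUNNEL = "10.0.9.0/24"     # assumed: Remote <-> Main tunnel network
USER_IP = "10.0.9.2"            # assumed tunnel IP handed to the remote user
BACKUP_HOST = "192.168.57.10"   # assumed host on the backup LAN

def build_tables(backup_knows_user_tunnel):
    """Routes per node as {network: next_hop}; 'local' means delivered here."""
    tables = {
        "remote": {USER_TUNNEL: "local", MAIN_LAN: "main", BACKUP_LAN: "main"},
        "main": {MAIN_LAN: "local", S2S_TUNNEL: "local",
                 USER_TUNNEL: "remote", BACKUP_LAN: "backup"},
        "backup": {BACKUP_LAN: "local", S2S_TUNNEL: "main", MAIN_LAN: "main"},
    }
    if backup_knows_user_tunnel:
        # The fix: backup site learns the remote-user tunnel network via Main.
        tables["backup"][USER_TUNNEL] = "main"
    return tables

def trace(tables, start, dst, max_hops=8):
    """Follow longest-prefix-match routes from start and return the hop list.
    Ends in 'DROP' when a node has no VPN route for dst (on a real firewall
    the packet would follow the default route out the WAN and be lost)."""
    addr = ipaddress.ip_address(dst)
    node, path = start, [start]
    for _ in range(max_hops):
        matches = [(ipaddress.ip_network(net), hop)
                   for net, hop in tables[node].items()
                   if addr in ipaddress.ip_network(net)]
        if not matches:
            return path + ["DROP"]
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        if hop == "local":
            return path
        node = hop
        path.append(node)
    return path + ["LOOP"]

def round_trip(tables):
    """Request from the remote user to the backup host, then the reply."""
    return (trace(tables, "remote", BACKUP_HOST),
            trace(tables, "backup", USER_IP))

if __name__ == "__main__":
    for fixed in (False, True):
        print("backup has user-tunnel route:", fixed, round_trip(build_tables(fixed)))
```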

        • cestes

          That fixed it!

          Thanks a bunch for the help.  pfSense is a great product, with a great community!

          • cestes

            OK, there's one tiny issue left…

            From a machine at BackupSite (client end of tun), I can ping a machine at MainSite (server end of tun).  But from MainSite, I can't ping anything at BackupSite.  Not a huge deal since other things I really need (ssh, nfs, http, smb, etc.) seem to work just fine.

            Is that how it is, or can I do something about it?

            • divsys

              If everything else is working, then it's very possibly a firewall issue on the BackupSite PC you're trying to reach. Win machines are notorious for ignoring ping requests from "unknown" subnets.

              -jfp

              • marvosa

                Assuming the remote end is allowing ICMP thru and the Backup site machines are running Windows, it's because Windows denies ICMP echo replies to IPs outside of its local subnet by default.  You either have to disable the software firewall or add an exception to the firewall.
