Site to Site with OpenVPN: Connection made, can't ping
-
Hello all,
Trying to get a Site to Site working with OpenVPN (https://forum.pfsense.org/index.php?topic=48667.0). Got both sides set up and the VPN connection is made, however I can't ping to the other side from either direction. I know I've missed something but I just can't seem to figure out what.
-
1194 UDP is open on the server firewall
-
openVPN rule: pass, any, any, any on both client and server
What else haven't I done that would cause this?
Thanks for the help
-
-
And did you put in routes? That post is from 2012 for version 2.0.1…
Why would you not just use the wiki article?
https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)
What is your remote network and local network, tunnel network and what did you put in for those when you set up the server side?
-
That post is from 2012 for version 2.0.1…
Why would you not just use the wiki article?
https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)
I tried the wiki, didn't work for me. They are very vague with some of the instructions and I'm fairly new to VPN so it wasn't helping.
I'll try it again though.
And did you put in routes?
What is your remote network and local network, tunnel network and what did you put in for those when you set up the server side?
Remote Network: 192.168.1.0/24
Server Network: 192.168.2.0/24
Tunnel: 10.0.8.0/24
Route via custom options
Server: route 192.168.1.0 255.255.255.0; push "route 192.168.2.0 255.255.255.0";
-
There are no custom options needed to reach your aims.
Just enter the respective networks in the "IPv4 Remote network(s)" boxes in the server and client settings.
Are both boxes, client and server, the default gateways in their networks?
Try a ping from one pfSense to the other pfSense (LAN address) and if it works try a ping to another device behind.
-
As has been said, you do not need anything in custom options to do what you need to do.
Are you trying shared key or SSL/TLS?
If shared key you have to duplicate reciprocal routes and tunnel network settings on the client side. You cannot push to the client when using shared key.
If SSL/TLS you can push them to the client from the server.
If using a tunnel network larger than /30 and are using SSL/TLS you ALSO have to set a Client-Specific Override on the server for the client setting the remote network there.
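
As an added example (not from the thread and not pfSense's own code), this Python check applies the two rules in the last reply to a raw OpenVPN server config and its client-specific override files. The config text is constructed from the networks posted above; the function names and the override name `site-b` are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the poster's networks written as plain OpenVPN directives.
SERVER_CONF = """
dev tun
server 10.0.8.0 255.255.255.0
route 192.168.1.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
"""
# Constructed client-specific override; "site-b" is a hypothetical common name.
OVERRIDES = {"site-b": "iroute 192.168.1.0 255.255.255.0\n"}

def directives(text):
    """Split OpenVPN config text into token lists, skipping comments."""
    rows = []
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            rows.append(tokens)
    return rows

def nets(rows, keyword):
    """Networks named by 'keyword <addr> <mask>' directives."""
    return [ipaddress.ip_network(f"{r[1]}/{r[2]}", strict=False)
            for r in rows if r[0] == keyword and len(r) >= 3]

def check_site_to_site(server_conf, overrides):
    """Return findings for the shared-key and SSL/TLS routing rules."""
    rows = directives(server_conf)
    keywords = {r[0] for r in rows}
    if "secret" in keywords:  # shared key mode
        if "push" in keywords:
            return ["shared key: routes cannot be pushed, set them on the client"]
        return []
    tunnel = nets(rows, "server")
    if not tunnel or tunnel[0].prefixlen >= 30:
        return []  # the override rule only applies to tunnels larger than /30
    iroutes = [n for text in overrides.values()
               for n in nets(directives(text), "iroute")]
    return [f"SSL/TLS: route {r} has no iroute in a client-specific override"
            for r in nets(rows, "route")
            if not any(r.subnet_of(i) for i in iroutes)]

if __name__ == "__main__":
    print(check_site_to_site(SERVER_CONF, {}))         # override missing
    print(check_site_to_site(SERVER_CONF, OVERRIDES))  # override present
```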