[SOLVED] OpenVPN Site to Site still Ping / RDP not working
-
What I did:
1. I have added two firewall rules from LAN to s2s and to 192.168.15.0/24
2. I added routes for the opposite networks on both sites
3. I added outbound rules from interface LAN with source 10.10.15.0/30 to destination networks
What the decisive step was I can't say actually. I will still be testing some settings and give feedback later.
Thanks and bye
-
3. I added outbound rules from interface LAN with source 10.10.15.0/30 to destination networks
That NAT rule translates source addresses of packets coming over VPN and destined to a LAN device to the pfSense LAN address. So for the LAN device it seems the packets come from inside the subnet. I already mentioned that above.
If that solves the issue, either the device firewall blocks access from addresses outside its own subnet or the VPN client / server is not the default gateway.
-
Hi,
Is it possible that I use two solutions for one problem?
Outbound NAT and static routes?
Is it possible that I get problems later?
I added some pictures under the attachments.
Thanks
PS: Do you know if it is possible to join the official pfSense docs team to add this information under OpenVPN site to site?
 -
Outbound NAT and static routes?
You have set a static route?? You should never set static routes on VPN gateways!
https://doc.pfsense.org/index.php/Static_Routes
Is it possible that I use two solutions for one problem?
Not with that outbound NAT rule. Since the source network is only the VPN tunnel subnet, it only affects packets coming from the client address respectively the server, not from the network behind.
That's the same useless outbound NAT rule you had set before. The client or server won't access devices in the remote LAN aside from your testing.
Is it possible that I get problems later?
Possibly with the static route.
-
Hi,
when I disable the static route then the connection will break.
What is wrong?
Thanks
-
The route has to be set by OpenVPN, depending on the entries in "Local Network(s)" and "Remote Network(s)" on both sites. If these entries are set, the routes should work.
You can check the routing table in Diagnostics > Routes.
Is that an SSL/TLS OpenVPN or a preshared key?
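The routing-table check suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that takes the text shown under Diagnostics > Routes and reports whether the remote LAN has its own route on an OpenVPN interface. The tables are constructed samples (only the 10.10.15.0/24 row comes from the thread); the function names and the `ovpn` interface-name prefix test are assumptions of this example.

```python
import ipaddress

# Constructed sample in the column layout quoted in the thread
# (Destination Gateway Flags Use Mtu Netif Expire). The 10.10.15.0/24 row is
# the one posted in the thread; the other rows are made up for illustration.
SERVER_TABLE_BROKEN = """\
Destination        Gateway            Flags   Use    Mtu   Netif Expire
default            203.0.113.1        UGS     1200   1500  em0
10.10.15.0/24      10.10.15.2         UGS     0      1500  ovpns4
192.168.10.0/24    link#2             U       5400   1500  em1
"""

# Same table after OpenVPN has installed the "Remote Network(s)" route.
SERVER_TABLE_FIXED = (
    SERVER_TABLE_BROKEN
    + "192.168.15.0/24    10.10.15.2         UGS     0      1500  ovpns4\n"
)


def parse_routes(table_text):
    """Yield (network, gateway, netif) for each parsable route row."""
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip rows whose destination is not an IP network
        yield network, fields[1], fields[5]


def check_remote_route(table_text, remote_lan):
    """Return 'ok', 'wrong_interface' or 'missing' for the remote LAN."""
    remote = ipaddress.ip_network(remote_lan)
    # Routes that cover the whole remote LAN, most specific first.
    covering = sorted(
        (r for r in parse_routes(table_text)
         if r[0].version == remote.version and remote.subnet_of(r[0])),
        key=lambda r: r[0].prefixlen, reverse=True)
    if not covering or covering[0][0].prefixlen == 0:
        return "missing"  # only the default route (or nothing) matches
    # Assumption: OpenVPN interfaces are named ovpn*, like ovpns4 in the thread.
    return "ok" if covering[0][2].startswith("ovpn") else "wrong_interface"
```

A result of `missing` means traffic for the remote LAN would follow the default route instead of the tunnel, which matches the symptom of an established tunnel with no reachable hosts behind it.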
-
Hi,
I found this howto and am following it.
Now I have Peer to Peer SSL/TLS; before it was a pre-shared key setup.
The connection is established but now I can't access any resources from the other site.
What is wrong?
Thanks
 -
Why did you set up a client specific override for a site-to-site? Do you plan to connect with multiple clients?
Besides, there is nothing to override, since the settings are the same as on the server tab.
Aside from this it looks good. But what about the client settings? And the routing table from both sites?
-
Hi,
Why did you set up a client specific override for a site-to-site? Do you plan to connect with multiple clients?
No, actually I plan no multiple clients -> I have removed the client specific override.
pfSense Server:
In the routing table there is no entry for 192.168.15.0/24 (pfSense Client), only a tunnel network entry:
Destination Gateway Flags Use Mtu Netif Expire
10.10.15.0/24 10.10.15.2 UGS 0 1500 ovpns4
It does not look right?! Or?!
The complete table you can see in the attachments.
pfSense Client:
Complete in the attachments (entry for 192.168.10.0/24 exists).
The client configuration is also under the attachments.
Thanks
 -
Hi,
@Viragomann
I have disabled and enabled the VPN server and now I found an entry in the pfSense server routing table.
See attachments.
Ping and access are not possible!
Thanks
 -
Hi,
my site to site is now running and I have set it up according to the recommendation, which means that I have no static routes.
The final solution was to reset the states and take a /30 tunnel network.
Thx and bye