Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Site-To-Site routing issues

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    2
    393
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Taegug
      last edited by

      Hi community,
      i have a small but big struggling issue on my pfsense setup.

      What I have done:
      I have two pfsense server which are connected together via OpenVPN Site-To-Site with shared key.

      I setup routing with the remote networks which should be routed trough the vpn, but there is the issue.

      I can talk with the machines from the other site but only when:
      -pfsense diagnostic tools / this machine can talk with the remote machines everything works
      -my computer/server behind , in my local network can not except I setup manual routes on the computer to my remote network or machines

      I've setup firewall rules only , NAT is automatic etc. , if I use a peer to peer vpn, everything works

      What can it be , that I have to setup manual routes ?

      my networks are:

      • local site a 192.68.0.0/24 -> if I set to 192.168.0.0/16 that all will be routed nothing works
      • local site b 192.68.255.0/24
      • tunnel both sites : 10.0.0.0/8

      if you have other questions to my configuration, I will post it, but before I try to make it short.

      For answer and assumptions I will be many thankful,

      Taegu

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        First off, using 10.0.0.0/8 as a tunnel network is not what you want to do. Change that to something like this on both sides:

        10.186.216.0/30

        192.168.0.0/16 covers both sides, so you can't use it as a remote network there. You want to set these remote networks:

        On site A: Remote Networks: 192.168.255.0/24

        On site B: Remote Networks: 192.168.0.0/24

        It is possible you are trying to supernet everything that is not a local interface but is in 192.168.0.0/16 from both sides, which should be doable, but I would simply get it working first. We are going to need to see full routing tables, firewall rules, etc to see why a supernet isn't working.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.