Site To Site VPN connected but traffic not going beyond far side
-
Hi Everyone
So I have 2 pfSense systems set up and am trying to create a site-2-site network link with OpenVPN.
Site A - Server
IP network: 10.0.0.0/8
Transit Network: 172.16.0.1
Site B - Client
IP network: 192.168.1.0/24
Transit Network: 172.16.0.2
The 2 units are connected. When I do a ping test from site A it can ping anywhere into site B network. The reverse is also working. When I try to use a PC in site A and ping a PC in site B it fails and the reverse is also a failure. The PC in site A can ping 172.160.2 and the PC in site B can ping 172.16.0.1. So the PC in each site gets to the firewall on the other side but not beyond it. I am probably missing one step but I am not sure where. Any help would be greatly appreciated.
Rene
-
Hi @Infraevo
Here is the relevant section of the pfSense book for configuring site-to-site OpenVPN, you may want to go over it to check your configuration against.
https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-ssl-tls.html
Also, here is the OpenVPN troubleshooting guide.
https://www.netgate.com/docs/pfsense/book/openvpn/troubleshooting-openvpn.html
Hope this helps.
Thank you,
-James
-
Sorry, forgot to mention: using shared key.
-
Hi @Infraevo
Here is the section for PSK.
https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-shared-key.html
Thank you,
-James
-
Post the server1.conf from the server and client1.conf from the client.
-
Why are you even trying to use 10.0.0.0/8? Are you anticipating 16 million hosts there?
When you say Transit network do you mean OpenVPN Tunnel Network?
How do the pings fail?
-
Hi Folks
I tore the entire system down and redid it from scratch from the actual manual. This time it worked. So not sure what I missed but all is good now. Thanks for your input.