Site to site tunnel - can ping from one side but not the other
-
Hi guys,
Long time since I've posted on here!
I have an issue that's left me tearing my hair out with a site to site VPN.
I'm using OpenVPN with a peer-to-peer shared key.
My VPN is showing as UP; however, I can't seem to ping from one side of the tunnel.
No matter which way I set up the server and client, the same pfSense box cannot ping the other side.
I've successfully set up a vpn this way before without any issues. I was wondering if anybody had any pointers to what it could be?
I've also got a remote access VPN on the site that fails to ping the other site; however, that one works correctly.
TIA
-
Have you gone through the OpenVPN Troubleshooting guide?
https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html
-
Sounds similar to my issue: https://forum.netgate.com/topic/140889/site-to-site-tunnel-routing-through-wrong-vpn-network-half-the-time
Try running a packet capture on the remote access VPN to see if it's the same issue as me. Also check the state table Diagnostics > States (interface any, filter "icmp") when doing a ping -t.
-
Can ping from one side but not the other
Either firewall rules on the OpenVPN tab (or assigned interface) on the side you can't ping,
OR a firewall on the device itself that you can't ping,
OR policy routing on the side that cannot ping the other, forcing connections over a different path.
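The three causes above can be told apart from two packet captures taken on the firewall that cannot ping: one on its LAN interface and one on its OpenVPN interface. The following script is an added example, not code from the thread or from pfSense; it assumes captures in the tcpdump text format that Diagnostics > Packet Capture produces, an OpenVPN interface name such as ovpns1, and the constructed addresses 192.168.1.10 (local host) and 192.168.2.10 (remote host). It reports whether the echo request never entered the tunnel (local rules or policy routing), entered the tunnel but got no reply (far-side OpenVPN-tab rules or the target host's own firewall), or completed.

```python
import re

# Regex for the ICMP echo lines in tcpdump-style text output; only echo
# request/reply lines match, everything else in the capture is ignored.
ICMP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_capture(lines):
    """Extract (kind, src, dst, id, seq) from each ICMP echo line in a capture."""
    parsed = []
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            parsed.append((m["kind"], m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return parsed


def diagnose(lan_capture, tunnel_capture, src, dst):
    """Classify where a ping from src (local LAN) to dst (remote LAN) is lost.

    lan_capture:    lines captured on the local LAN interface
    tunnel_capture: lines captured on the local OpenVPN interface (e.g. ovpns1)
    Returns (code, explanation).
    """
    lan = parse_capture(lan_capture)
    tun = parse_capture(tunnel_capture)

    def seen(packets, kind, a, b):
        # Set of (id, seq) pairs of the given kind flowing a -> b.
        return {(i, s) for k, x, y, i, s in packets if k == kind and x == a and y == b}

    req_lan = seen(lan, "request", src, dst)
    req_tun = seen(tun, "request", src, dst)
    rep_tun = seen(tun, "reply", dst, src)
    rep_lan = seen(lan, "reply", dst, src)

    if not req_lan:
        return ("no-request", "no echo request reached this firewall's LAN interface; "
                "check the pinging host and its default gateway")
    if not req_tun:
        return ("local-no-tunnel", "requests arrive on LAN but never enter the tunnel; "
                "check LAN rules and any policy-routing gateway set on the matching rule")
    if not rep_tun:
        return ("remote-no-reply", "requests leave via the tunnel but no replies return; "
                "check the far side's OpenVPN-tab rules and the target host's own firewall")
    if not rep_lan:
        return ("local-no-return", "replies come back over the tunnel but are not "
                "forwarded to the LAN host; check the state table on this side")
    return ("ok", "echo request and reply both traverse the tunnel")


# Constructed sample capture lines (not real data): one ping, id 7, seq 1,
# plus an unrelated UDP line that the parser must ignore.
REQ_LINE = "10:00:01.000100 IP 192.168.1.10 > 192.168.2.10: ICMP echo request, id 7, seq 1, length 64"
REP_LINE = "10:00:01.020300 IP 192.168.2.10 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64"
NOISE = "10:00:01.000200 IP 192.168.1.10.51000 > 203.0.113.5.53: UDP, length 40"

# Each case is (LAN capture, tunnel capture) for the three situations discussed above.
CASES = {
    "policy_routing": ([REQ_LINE, NOISE], [NOISE]),
    "remote_firewall": ([REQ_LINE], [REQ_LINE, NOISE]),
    "healthy": ([REQ_LINE, REP_LINE], [REQ_LINE, REP_LINE]),
}


def run_cases(src="192.168.1.10", dst="192.168.2.10"):
    """Diagnose every constructed case and return {case name: code}."""
    return {name: diagnose(lan, tun, src, dst)[0] for name, (lan, tun) in CASES.items()}


if __name__ == "__main__":
    for name, code in run_cases().items():
        print(f"{name:16s} -> {code}")
```

To use it against a real capture, save the LAN and OpenVPN interface captures as text, read each into a list of lines, and call diagnose() with the local and remote host addresses; the "remote-no-reply" result cannot distinguish a far-side OpenVPN rule from a host firewall on the target, so a third capture on the far firewall's LAN is needed for that last step.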