Can't reach backup firewall when connected by VPN

ca_maer

Hello,

I've followed the doc to setup the HA and everything works as expected. I only have an issue where if connected by VPN to the main firewall (192.168.1.253) I can't ping nor reach the webui of the backup firewall (192.168.1.254).

The VPN uses a different subnet (192.168.2.0/24) but I can reach other servers in the same subnet as the firewalls fine.

When connected locally into the LAN, I can reach the second firewall correctly.

Is there something special I need to do ?

Thanks !

viragomann

https://docs.netgate.com/pfsense/en/latest/highavailability/troubleshooting-vpn-connectivity-to-a-high-availability-secondary-node.html

ca_maer

Thanks for the link ! I was able to make it work for the road warriors but settings the same for the Site-To-Site openvpn tunnel is not working.

My tunnel is 10.1.99.0/30 so I added the following outbound rule:
Source: 10.1.99.0/30
Destination: Alias with both firewalls LAN IPs
NAT Address: LAN addresse

viragomann

For the site to site vpn, you must use the remote LAN in the source box instead of the tunnel network.

ca_maer

Well that was it ! Thanks a lot for the help !