Netgate Discussion Forum

    Remote access to site-to-site lan issues

    lzimbelman

      Hello all,

      I'm sure this is probably straightforward and I'm just missing something in the config. The issue I'm experiencing is that the remote access client cannot reach the 10.55.55.0 network. The LAN 10.87.87.0 network is able to do so. I believe I just need to advertise the 10.55.55.0 route to the 10.87.88.x client, but I'm not sure where exactly to make that change. Below is a network diagram.

      What is working:

      • 10.87.87.0 network can reach/ping 10.55.55.0 network

      What is not working:

      • Remote access client 10.87.88.x cannot reach 10.55.55.0 network

      [Image: network diagram]

        JKnott

        Can the client reach server 1?

        I suspect you have a routing problem. Client 1 doesn't know how to reach the 10.55.55.0 network, unless there's a specific route or the default route goes to the 10.87.87.0 network.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          lzimbelman @JKnott

          @JKnott Hello. Thanks for your response. Yes, client 1 is able to reach server 1 LAN 10.87.87.0 and also 10.87.87.x devices. Previously, I added "iroute 10.55.55.0 255.255.255.0" on the client specific override in order to allow that connectivity.

          This is the guide I followed for the Site-to-Site setup.
          https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-ssl-tls.html

            viragomann @lzimbelman

            @lzimbelman
            It seems such questions are coming every day at this time. We had it yesterday: https://forum.netgate.com/topic/151934/in-one-vpn-out-another/4
            And the day before, and...
            Did you do a forum search?

              lzimbelman @viragomann

              @viragomann

              With such a descriptive title “in one VPN out another” I can’t believe I missed that in my searches.

              Thanks. I’ll give it a read.

                viragomann @lzimbelman

                @lzimbelman
                I agree. ☺

                  lzimbelman @viragomann

                  @viragomann in the other post you mention

                  at your parents box in the site2site settings, option "Remote Network/s": 10.0.8.0/24 (comma separated from the other entries

                  My Server 2 is an Asus router with Merlin firmware using OpenVPN. Would the equivalent of this "Remote Network/s" (since it's not pfSense) be a custom config like

                  push "route 10.87.88.0 255.255.255.0" (since that is what the network for remote access client1 is on?)

                  Edit - never mind. After a little more digging I added "route 10.87.88.0 255.255.255.0" to my config on server 2 and now when I'm in as a RA client on 10.87.88.x I can get to 10.55.55.0. Thanks!
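
Added example, not part of the thread or any poster's configuration: a small Python model of the topology discussed above that shows why the remote access client failed until Server 2 had a return route for 10.87.88.0/24. The node names, the host addresses 10.87.88.2 and 10.55.55.10, and the routing tables are constructed; it assumes the RA client already has a route to 10.55.55.0/24.

```python
import ipaddress

def build_tables(server2_return_route):
    """Constructed routing tables for the thread's three nodes (prefix -> next hop)."""
    tables = {
        # Assumption: the RA client already has a route to 10.55.55.0/24.
        "ra_client": {"10.87.88.0/24": "local", "10.87.87.0/24": "server1",
                      "10.55.55.0/24": "server1"},
        # Server 1 forwards 10.55.55.0/24 into the site-to-site tunnel.
        "server1": {"10.87.87.0/24": "local", "10.87.88.0/24": "ra_client",
                    "10.55.55.0/24": "server2"},
        # Server 2 knows Server 1's LAN; everything else follows the default route.
        "server2": {"10.55.55.0/24": "local", "10.87.87.0/24": "server1",
                    "0.0.0.0/0": "wan"},
    }
    if server2_return_route:
        # Effect of adding 'route 10.87.88.0 255.255.255.0' on Server 2.
        tables["server2"]["10.87.88.0/24"] = "server1"
    return tables

def trace(tables, start, dst_ip, max_hops=8):
    """Follow longest-prefix-match routes; return (nodes visited, delivered?)."""
    dst = ipaddress.ip_address(dst_ip)
    node, hops = start, [start]
    while node in tables and len(hops) <= max_hops:
        matches = [(ipaddress.ip_network(p), nh) for p, nh in tables[node].items()
                   if dst in ipaddress.ip_network(p)]
        if not matches:
            return hops + ["unroutable"], False
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        if next_hop == "local":
            return hops, True
        hops.append(next_hop)
        node = next_hop
    return hops, False  # left the modelled network (e.g. via WAN) or looped

def round_trip(tables, src_node, src_ip, dst_node, dst_ip):
    """A flow works only if the request and the reply are both delivered."""
    fwd, fwd_ok = trace(tables, src_node, dst_ip)
    ret, ret_ok = trace(tables, dst_node, src_ip) if fwd_ok else ([], False)
    return fwd, ret, fwd_ok and ret_ok

if __name__ == "__main__":
    for fixed in (False, True):
        fwd, ret, ok = round_trip(build_tables(fixed), "ra_client", "10.87.88.2",
                                  "server2", "10.55.55.10")
        print(f"return route on server2={fixed}: forward={fwd} return={ret} ok={ok}")
```

Without the return route the request arrives at Server 2 but the reply follows the default route out the WAN, which matches the symptom that only the 10.87.87.0 LAN could reach 10.55.55.0.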
