Netgate Discussion Forum

    OpenVPN site-to-site SharedKey cannot access resources on server side of tunnel

      giles

      I have two pfSense sites. Established OpenVPN s2s using the instructions here: https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site.
      Both sites show tunnel is up.
      Confirmed that server side lan network is set as local and remote addresses in VPN config pages.
      Using 10.0.8.0 as tunnel network. Server side grabs 10.0.8.1. Client side grabs 10.0.8.2 as expected according to docs.
      Server side can ping both 10.0.8.1 and 10.0.8.2. Client side can only ping 10.0.8.2, NOT 10.0.8.1 (server tunnel IP).
      Client workstation cannot ping nor access any resource on the server side.
      Have checked, double-checked and triple-checked firewall rules on both sides, on both the WAN and OpenVPN tabs.
      As a note, not that I know if it matters or not, but I can successfully connect to server side using OpenVPN client software.
      Also, using port 1195 for Site-To-Site as client vpn is configured for 1194. That was what pfsense selected when I created the new OpenVPN server on the server side pfsense box.

      Please pass along any suggestions you might have.

      Thanks,

        marvosa

        Post both the server and client configs.

          giles

          marvosa,

          Thanks. As I was looking at my configs to post them, I noticed I did not enter an entry on the server side for IPv4 Remote networks. Once I added that, everything is cool.

          If you had not pointed me in that direction, I would not have found that missing entry.

          Many thanks,

            giles

            Can I add a question?

            If I want to set up multiple client sites, do I need separate server entries on the server firewall?

            Thanks,
