OpenVPN site-to-site SharedKey cannot access resources on server side of tunnel



  • I have two pfSense sites. Established OpenVPN s2s using the instructions here: https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site.
    Both sites show tunnel is up.
    Confirmed that server side lan network is set as local and remote addresses in VPN config pages.
    Using 10.0.8.0 as tunnel network. Server side grabs 10.0.8.1. Client side grabs 10.0.8.2 as expected according to docs.
    Server side can ping both 10.0.8.1 and 10.0.8.2; client side can only ping 10.0.8.2, NOT 10.0.8.1 (server tunnel IP).
    Client workstation cannot ping nor access any resource on the server side.
    Have checked, double-checked and triple-checked firewall rules on both sides, both WAN and OpenVPN tabs.
    As a note, not that I know if it matters or not, but I can successfully connect to server side using OpenVPN client software.
    Also, using port 1195 for site-to-site as the client VPN is configured for 1194. That was what pfSense selected when I created the new OpenVPN server on the server side pfSense box.

    Please pass along any suggestions you might have.

    Thanks,



  • Post both the server and client configs.



  • marvosa,

    Thanks. As I was looking at my configs to post them I noticed I did not enter an entry on the server side for IPv4 Remote networks. Once I added that, everything is cool.

    If you had not pointed me in that direction, I would not have found that missing entry.

    Many thanks,
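
Added example (not from any poster in this thread): a small check that compares the two sides of a shared-key tunnel and reports a side that has no route for the other side's LAN, the gap found above. It assumes the "IPv4 Remote network(s)" field ends up as `route` lines in the generated OpenVPN config; the LAN subnets, the peer address and the `shared.key` name are constructed, only the 10.0.8.x tunnel addresses and port 1195 come from the thread.

```python
import ipaddress

# Constructed sample configs: the server side is missing its route line.
SERVER_CONF = """\
dev tun
lport 1195
ifconfig 10.0.8.1 10.0.8.2
secret shared.key
"""
CLIENT_CONF = """\
dev tun
remote 203.0.113.10 1195
ifconfig 10.0.8.2 10.0.8.1
route 192.168.10.0 255.255.255.0
secret shared.key
"""

def parse(conf):
    """Return (local_tunnel_ip, peer_tunnel_ip, [routed networks])."""
    local = peer = None
    routes = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "ifconfig" and len(tok) >= 3:
            local, peer = tok[1], tok[2]
        elif tok[0] == "route" and len(tok) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = tok[2] if len(tok) >= 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{tok[1]}/{mask}"))
    return local, peer, routes

def check_pair(server_conf, client_conf, server_lan, client_lan):
    """Return a list of findings; an empty list means both sides look consistent."""
    s_local, s_peer, s_routes = parse(server_conf)
    c_local, c_peer, c_routes = parse(client_conf)
    findings = []
    if (s_local, s_peer) != (c_peer, c_local):
        findings.append("tunnel ifconfig addresses are not mirrored")
    for side, routes, remote in (("server", s_routes, client_lan),
                                 ("client", c_routes, server_lan)):
        lan = ipaddress.ip_network(remote)
        if not any(lan.subnet_of(r) for r in routes):
            findings.append(f"{side} has no route for remote LAN {lan}")
    return findings

if __name__ == "__main__":
    for f in check_pair(SERVER_CONF, CLIENT_CONF, "192.168.10.0/24", "192.168.20.0/24"):
        print("FINDING:", f)
```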



  • Can I add a question?

    If I want to set up multiple client sites, do I need separate server entries on the server firewall?

    Thanks,

