Netgate Discussion Forum
    PC1 -> pfSense 1 <– site tunnel -> pfSense 2 <- PC2

OpenVPN

tullipo

      Hello,

      I have an OpenVPN connection between PC1 and network 10.10.0.0/24. I can access this network without problems.
I have a site-to-site tunnel from 10.10.0.0/24 to 10.21.0.0/24. Machines on the 10.10.0.0/24 network can access 10.21.0.0/24 and vice versa. Diagnostics/Ping can ping any PC across the tunnel on the LAN interface.

      The problem is that PC1 does not have access through this tunnel. I suppose this is a routing issue. I have tried adding the following custom options to the VPN, but it doesn't help.
push "route 10.21.0.0 255.255.255.0";    <-- this is pushed fine to the client; the Windows routing table has an entry for 10.21.0.0/24
route "10.21.0.0 255.255.255.0";  <-- I think the problem is that the traffic is not routed properly on pfSense 1

      What am I doing wrong?

GruensFroeschli

Why does everyone assume if something doesn't work it's pfSense's fault?

        What subnet do you use for your roadwarriors?
        I hope you created a route entry in the config of the site-to-site for the roadwarrior-subnet as well.
        If not, you can reach the 10.21.0.0/24 subnet from the roadwarrior, but the answer never gets back because no route exists.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

tullipo

          Where would I add that route? In the static routes?

GruensFroeschli

> Where would I add that route? In the static routes?

No, in the config of the site-to-site OpenVPN tunnel on the 10.21.0.0/24 side.

            For the site-to-site tunnel to work you had to add a route command for the subnet on the other side of the tunnel.
            Just do the same again for the roadwarrior-subnet.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

tullipo

Yes, that worked. I tried using "push" on the site-to-site server, but that didn't work (the route wasn't added).

GruensFroeschli

Pushes only work for PKIs where the connecting clients receive their configuration from the server.

                In a site-to-site setup the whole config comes from the local config-file.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

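The failure described in this thread is asymmetric routing: the roadwarrior's packets reach 10.21.0.0/24 through the site-to-site tunnel, but pfSense 2 has no route back to the roadwarrior subnet, so the replies follow its default route instead. The following script is an added example, not code from the thread or from pfSense; it models the three routing tables with longest-prefix matching and traces the forward and return paths with and without the extra route in the site-to-site configuration. The roadwarrior subnet (10.8.0.0/24) and the host addresses are constructed, since the thread never states them.

```python
import ipaddress

# Constructed addressing for the example; the thread only names the two LANs.
ROADWARRIOR_NET = "10.8.0.0/24"   # assumed OpenVPN roadwarrior tunnel subnet
LAN1_NET = "10.10.0.0/24"         # LAN behind pfSense 1 (from the thread)
LAN2_NET = "10.21.0.0/24"         # LAN behind pfSense 2 (from the thread)
PC1_TUNNEL_IP = "10.8.0.2"        # assumed roadwarrior address of PC1
PC2_IP = "10.21.0.5"              # assumed address of PC2

# A table is a list of (prefix, next_hop). "local" means the destination is
# directly reachable from that node, i.e. delivery succeeds there.
def routing_tables(return_route_on_pfsense2):
    pfsense2 = [
        (LAN2_NET, "local"),
        (LAN1_NET, "pfsense1"),           # the site-to-site "route" line that already exists
        ("0.0.0.0/0", "internet"),
    ]
    if return_route_on_pfsense2:
        # The fix from the thread: add a route for the roadwarrior subnet to the
        # site-to-site tunnel config on the 10.21.0.0/24 side.
        pfsense2.append((ROADWARRIOR_NET, "pfsense1"))
    return {
        "pc1": [
            (ROADWARRIOR_NET, "local"),
            (LAN1_NET, "pfsense1"),
            (LAN2_NET, "pfsense1"),       # the route pushed to the client (works per the thread)
        ],
        "pfsense1": [
            (LAN1_NET, "local"),
            (ROADWARRIOR_NET, "pc1"),     # roadwarrior server interface
            (LAN2_NET, "pfsense2"),       # site-to-site tunnel
            ("0.0.0.0/0", "internet"),
        ],
        "pfsense2": pfsense2,
        "pc2": [(LAN2_NET, "local"), ("0.0.0.0/0", "pfsense2")],
        "internet": [],                   # private ranges are not routable here
    }

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=10):
    """Follow next hops from start; return the node path on delivery, None on a dead end or loop."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return None          # no route at this node: packet is dropped
        if hop == "local":
            return path          # destination is directly attached here
        path.append(hop)
        node = hop
    return None                  # routing loop

def forward_path(return_route_on_pfsense2):
    """PC1 (roadwarrior) -> PC2 across both tunnels."""
    return trace(routing_tables(return_route_on_pfsense2), "pc1", PC2_IP)

def reply_path(return_route_on_pfsense2):
    """PC2 -> PC1's tunnel address: the direction that breaks without the extra route."""
    return trace(routing_tables(return_route_on_pfsense2), "pc2", PC1_TUNNEL_IP)

if __name__ == "__main__":
    for fixed in (False, True):
        print("return route on pfSense 2:", fixed)
        print("  forward:", forward_path(fixed))
        print("  reply:  ", reply_path(fixed))
```

Without the return route the forward trace succeeds while the reply trace dies at pfSense 2's default route, which is exactly why a ping from the roadwarrior never answers even though the pushed route on the client looks correct. The same model also explains why a `push` on the site-to-site server did nothing: a peer that takes its whole configuration from a local file never installs pushed routes, so the `route` line has to be in pfSense 2's own tunnel config.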