Site-to-Site Shared Key FW Rules & NAT
-
I have a site to site shared key VPN established but no traffic flows.
I have read conflicting guides and would be greatly appreciative of some advice.
IPv4 Tunnel Network = 192.168.0.0/24
From server I can only ping 192.168.0.1
From client I can ping 192.168.0.1 & 192.168.0.2
On the server I have selected "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)"
What NAT config and FW rules are required to allow server to access client LAN?
-
No NAT is generally required. Just make sure the traffic from the OpenVPN clients to the LAN hosts is passed on the OpenVPN tab. Make sure traffic from LAN to OpenVPN clients is passed on LAN tab.
-
hmmm…
thanks for the reply Derelict...
On both the client and server side I have the LAN with full access to everything and same as OpenVPN
On the server side do I need the NAT=>Outbound rules as AON or auto?
Any idea why client can ping both tunnel IPs and server can only ping local?
-
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses