Netgate Discussion Forum

    Site-to-Site VPN cannot access LAN behind PFsense

    Category: OpenVPN
    10 Posts 4 Posters 4.2k Views
    • LinxS

      Hi All,

      I am new to pfSense; I have deployed a VM in our DC, and have purchased a micro-firewall SG-1000.
      I have one public IP address, created a WAN interface and assigned that IP, and a LAN interface.
      For the SG-1000 (which is going to act as client), I also created a WAN and LAN interface, but no public IP for

      So 2 subnets: 1 behind the VM and 1 behind the micro-firewall.

      I then followed this guide: https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_OpenVPN-connection_in_PfSense_2.1

      I see that the OpenVPN connection is established on both ends (Status > OpenVPN).

      From the SG-1000 (Diagnostics > Ping), I can ping my server which is on the remote LAN, but I can't ping from my laptop connected to the SG-1000.

      Do we require any additional configuration?

      Thank you :)

      • viragomann

        Have you set both the local network and the remote network on the server, and the remote network on the client?
        This is necessary for correct routing.

        Are both pfSense boxes the default gateways in the networks behind them?

        • LinxS

          I don't think I have; where is that config?

          Yes, my pfSense is the default gateway for the client laptop and for the servers at both sites.

          • viragomann

            In the server settings (VPN > OpenVPN > Servers > your server) there is a box "IPv4 Local network(s)" and "IPv6 Local network(s)". Here you have to enter the local (server side) subnet which should be reachable over VPN. Also there is a box for remote networks, where you have to enter the client's LAN you want to access via VPN.
            In the client settings there are boxes for IPv4 and IPv6 remote networks. Here you have to enter the server side's LAN.

            • LinxS

              Server side: Sorry, but there is no such box (OpenVPN > Servers).

              There are only tunnel network and remote network, no field to input "local network".

              (Not sure if it matters, but note this is done through "shared key"/tun/WAN interface.)

              Client side: Similar issue (OpenVPN > Clients).

              (Only tunnel network and remote network; nowhere to input "local network".)

              ![PfSsense Openvpn Server.JPG](/public/imported_attachments/1/PfSsense Openvpn Server.JPG)

              • viragomann

                I see. So it's a "Shared Key site-to-site" server. This setup follows different rules than the default SSL/TLS server, with which I'm not familiar.

                • bienicc

                  LinxS,

                  Just make sure you put the IP subnet of both sites into the "IPv4 Remote network" fields (on both sites), which I think you have done already. What you need is to pay attention to the firewall rules at both sites, whether they allow pinging each other or not.

                  • clint08
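The two settings the replies above turn on (the "IPv4 Remote network(s)" field on each side for the shared-key setup bienicc describes, and the firewall rules on the OpenVPN interface) can be checked together before touching the GUI. The script below is an added example, not code from the thread or from pfSense; it models each site as its LAN, tunnel network, remote-network entries and OpenVPN-interface allow rules, and reports why a LAN-to-LAN ping would fail. The subnets are the ones quoted later in the thread (192.168.50.0/24, 192.168.5.0/24, 10.8.0.0/24); the rule tuples and the `Site`/`check_ping` names are my own simplified model, not pfSense's rule format.

```python
"""Sanity-check the routing and firewall side of a pfSense OpenVPN
site-to-site setup. Added example, not from the forum thread or pfSense.
All addresses are constructed sample values."""
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_network

ANY = ip_network("0.0.0.0/0")


@dataclass
class Site:
    name: str
    lan: IPv4Network                      # LAN behind this pfSense
    tunnel: IPv4Network                   # "IPv4 Tunnel Network" on the OpenVPN page
    remote_networks: list[IPv4Network]    # "IPv4 Remote network(s)" entries
    # Allow rules on the OpenVPN interface as (proto, src, dst); "any" matches
    # every protocol. Anything not matched is treated as denied (pf default).
    openvpn_rules: list[tuple[str, IPv4Network, IPv4Network]] = field(default_factory=list)


def routed(src: Site, dst: Site) -> bool:
    """src only gets a route to dst's LAN if that LAN is covered by a remote-network entry."""
    return any(dst.lan.subnet_of(n) for n in src.remote_networks)


def allowed(dst: Site, proto: str, src_lan: IPv4Network, dst_lan: IPv4Network) -> bool:
    """Traffic arriving over the tunnel is filtered by dst's OpenVPN-interface rules."""
    return any(p in ("any", proto) and src_lan.subnet_of(s) and dst_lan.subnet_of(d)
               for p, s, d in dst.openvpn_rules)


def check_ping(a: Site, b: Site) -> list[str]:
    """Return the reasons an ICMP echo between the two LANs would fail (empty = OK).
    Both directions are checked because the echo reply needs a return route too."""
    problems: list[str] = []
    if a.tunnel != b.tunnel:
        problems.append("tunnel networks differ between the two sides")
    for site in (a, b):
        if site.lan.overlaps(site.tunnel):
            problems.append(f"{site.name}: LAN overlaps the tunnel network")
    if a.lan.overlaps(b.lan):
        problems.append("LANs overlap; routing between them is ambiguous")
    for src, dst in ((a, b), (b, a)):
        if not routed(src, dst):
            problems.append(f"{src.name}: {dst.lan} missing from IPv4 Remote network(s)")
        if not allowed(dst, "icmp", src.lan, dst.lan):
            problems.append(f"{dst.name}: no OpenVPN-interface rule allowing ICMP "
                            f"{src.lan} -> {dst.lan}")
    return problems


def example_sites(fixed: bool) -> tuple[Site, Site]:
    """Constructed sample: the client side is missing its remote network and its
    OpenVPN allow rule until fixed=True, which mirrors the fix found in the thread."""
    server = Site("server", ip_network("192.168.50.0/24"), ip_network("10.8.0.0/24"),
                  remote_networks=[ip_network("192.168.5.0/24")],
                  openvpn_rules=[("any", ANY, ANY)])
    client = Site("client", ip_network("192.168.5.0/24"), ip_network("10.8.0.0/24"),
                  remote_networks=[ip_network("192.168.50.0/24")] if fixed else [],
                  openvpn_rules=[("any", ANY, ANY)] if fixed else [])
    return server, client


if __name__ == "__main__":
    for fixed in (False, True):
        server, client = example_sites(fixed)
        label = "after fix" if fixed else "initial"
        print(label, check_ping(server, client) or ["OK: LAN-to-LAN ping should work"])
```

The first run reports two findings, one per direction: the client has no return route to the server LAN, and the client's OpenVPN interface has no rule letting the echo request in. Both have to be cleared, and the OpenVPN service restarted so the new routes are pushed, which is the same pair of steps that resolved the original question.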

                    Is this issue resolved? I think I'm having the same issue.
                    I can't ping anything on the client side when I'm in the server-side LAN, but I can ping the server side when I'm on the client side.
                    I'm using pfSense as OpenVPN server and DD-WRT as VPN client.

                    I'm using 192.168.50.0/24 as my server network,
                    192.168.5.0/24 as my client network,
                    10.8.0.0/24 as tunnel network.

                    Please see my config:

                    server1.PNG
                    ![server 2.PNG](/public/imported_attachments/1/server 2.PNG)
                    server3.PNG
                    ![server routes.PNG](/public/imported_attachments/1/server routes.PNG)
                    ![client route.PNG](/public/imported_attachments/1/client route.PNG)
                    ![firewall wan.PNG](/public/imported_attachments/1/firewall wan.PNG)
                    ![firewall lan.PNG](/public/imported_attachments/1/firewall lan.PNG)
                    ![firewall openvpn.PNG](/public/imported_attachments/1/firewall openvpn.PNG)

                    • viragomann

                      @clint08:

                      > Is this issue resolved? I think I'm having the same issue.

                      You have a site-to-site with SSL/TLS auth. So this is another type of VPN server; also the DD-WRT client seems to need special settings on the server, because it doesn't provide the settings pfSense does.

                      Here a guy got your problem fixed a few days ago: https://forum.pfsense.org/index.php?topic=127455.msg704739#msg704739

                      • LinxS

                        @bienicc:

                        > LinxS,
                        >
                        > Just make sure you put the IP subnet of both sites into the "IPv4 Remote network" fields (on both sites), which I think you have done already. What you need is to pay attention to the firewall rules at both sites, whether they allow pinging each other or not.

                        That resolved my issue (after making sure I restarted my VPN service). Thank you for your help :D

                        Next I am going to implement SSL/TLS, as it is more secure than shared key :)

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.