Netgate Discussion Forum

    Site2Site VPN debugging

      deadmalc

      I've set up a site2site VPN.
      It connects fine.
      The routes show on both (pfSense) firewalls fine.
      From the LAN either side (or firewall to other LAN) I cannot ping on the other side.
      traceroute doesn't show anything.
      I've even tried any/any rules to the LAN and OpenVPN on both sides.
      I have remote connection VPNs working fine, to both firewalls.
      The only thing left is using a remote connection and manually adding NATs and routes.
      Not something I want to do really, but I'm at a loss.

      I've checked the docs and it matches up OK.
      This is SG-1000 (2.4) to 2.3.x

        viragomann

        Check if the computers' firewalls block the access from the other site.

        For debugging you may use Diagnostics > Packet Capture.
        For instance, take a capture on the LAN interface with an ICMP filter while you try a ping from the other side to a LAN device. Check if you see the packets here and if responses come back from the destination device.

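The check suggested in the reply above, as an added example that is not part of the original thread: it reads a LAN-side ICMP capture and reports whether the echo requests from the other site arrived and whether the LAN device answered them. It assumes the capture is available as tcpdump-style text; the function name `classify_ping` and all addresses and capture lines are constructed for illustration.

```python
import re

# One tcpdump-style ICMP echo line (text output format is an assumption).
ICMP_LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: requests reach the LAN, the device never answers.
SAMPLE_NO_REPLY = """\
12:00:01.000000 IP 10.0.1.10 > 10.0.2.20: ICMP echo request, id 4242, seq 1, length 64
12:00:02.000000 IP 10.0.1.10 > 10.0.2.20: ICMP echo request, id 4242, seq 2, length 64
"""

# Constructed sample: request and matching reply both seen on the LAN.
SAMPLE_OK = """\
12:00:01.000000 IP 10.0.1.10 > 10.0.2.20: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000900 IP 10.0.2.20 > 10.0.1.10: ICMP echo reply, id 4242, seq 1, length 64
"""

def classify_ping(capture_text, remote_src, lan_dst):
    """Say what a LAN-side capture shows for pings remote_src -> lan_dst."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ICMP_LINE.search(line)
        if not m:
            continue  # not an ICMP echo line
        key = (m["id"], m["seq"])  # id+seq pairs a reply with its request
        if m["kind"] == "request" and (m["src"], m["dst"]) == (remote_src, lan_dst):
            requests.add(key)
        elif m["kind"] == "reply" and (m["src"], m["dst"]) == (lan_dst, remote_src):
            replies.add(key)
    if not requests:
        return "no-request-on-lan"     # packet never reached this interface
    if not requests & replies:
        return "request-but-no-reply"  # destination device is not answering
    if requests - replies:
        return "partial-replies"       # some requests went unanswered
    return "replies-seen"              # LAN leg works in both directions

if __name__ == "__main__":
    for name, text in (("no reply", SAMPLE_NO_REPLY), ("ok", SAMPLE_OK)):
        print(name, "->", classify_ping(text, "10.0.1.10", "10.0.2.20"))
```

A result of `replies-seen` on the LAN means the same capture should be repeated on the OpenVPN interface to see where the reply stops.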
          deadmalc

          Unfortunately it's not client firewalls either, I checked that.
          I can only think it's broken for me (or me that's broken!).
          I'm going to see if IPsec works any better, or helps me diagnose the problem, but that's not looking good at the moment either.
          That's saying auth failed, when the pre-shared secret is definitely identical.
          I'm missing something obvious and daft clearly!
          Trawl the internet and docs read and re-read I guess.

          No idea what is going on with OpenVPN and site-to-site, but I got IPsec working fairly quickly.
          So I'm happier with IPsec for site-to-site anyway - I can only think there is something broken with OpenVPN site-to-site with my setup somehow.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.