Site2Site VPN debugging

  • I've set up a site2site VPN.
    It connects fine.
    The routes show on both (PFSense) firewalls fine.
    From the LAN either side (or firewall to other LAN) I cannot ping on the other side.
    traceroute doesn't show anything.
    I've even tried any/any rules to the LAN and OpenVPN on both sides.
    I have remote connection vpns working fine, to both firewalls.
    The only thing left is using a remote connection and manually adding NATs and routes.
    Not something I want to do really, but I'm at a loss.

    I've checked the docs and it matches up OK.
    This is SG-1000 (2.4) to 2.3.x

  • Check if the computers' firewalls block access from the other site.

    For debugging you may use Diagnostics > Packet Capture.
    For instance, take a capture on LAN interface with ICMP filter while you try a ping from the other side to a LAN device. Check if you see the packets here and if responses come back from the destination device.
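    The check described above, as an added example that is not part of this thread: a small Python script that reads tcpdump-style text lines (the format Diagnostics > Packet Capture displays when run with an ICMP filter on the LAN interface) and reports, per remote pinger and local target, whether echo requests arrived on the LAN and whether echo replies went back. The sample capture embedded below is constructed; 10.0.2.0/24 stands for the remote LAN and 192.168.1.0/24 for the local one, and both are placeholders.

```python
"""Interpret an ICMP packet capture taken on the LAN side of a site-to-site VPN.

Added example, not from the forum thread. It parses tcpdump -n style text
lines and reports, per (remote pinger, local target) pair, how many echo
requests arrived and how many echo replies were sent back, then maps the
pattern to where to look next. The capture below is constructed sample data.
"""
import re
from collections import defaultdict

# One tcpdump -n line, e.g.
# 12:00:01.000001 IP 10.0.2.15 > 192.168.1.20: ICMP echo request, id 7, seq 1, length 64
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed capture: host .20 answers, host .30 never replies, plus one
# non-ICMP line (DNS) that the parser must ignore.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.2.15 > 192.168.1.20: ICMP echo request, id 7, seq 1, length 64
12:00:01.000400 IP 192.168.1.20 > 10.0.2.15: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000001 IP 10.0.2.15 > 192.168.1.20: ICMP echo request, id 7, seq 2, length 64
12:00:02.000400 IP 192.168.1.20 > 10.0.2.15: ICMP echo reply, id 7, seq 2, length 64
12:00:03.000001 IP 10.0.2.15 > 192.168.1.30: ICMP echo request, id 8, seq 1, length 64
12:00:04.000001 IP 10.0.2.15 > 192.168.1.30: ICMP echo request, id 8, seq 2, length 64
12:00:05.000001 IP 192.168.1.20.51234 > 192.168.1.1.53: 1234+ A? example.com. (29)
"""


def parse_capture(text):
    """Return {(remote_ip, local_ip): {"requests": n, "replies": m}}.

    The remote host is the one sending echo requests; a reply is credited to
    the same pair by swapping its source and destination.
    """
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not ICMP echo traffic (or a format we don't parse)
        if m["kind"] == "request":
            flows[(m["src"], m["dst"])]["requests"] += 1
        else:
            flows[(m["dst"], m["src"])]["replies"] += 1
    return dict(flows)


def diagnose(flows, remote_ip, local_ip):
    """Translate what the LAN-side capture shows into the next place to look."""
    f = flows.get((remote_ip, local_ip))
    if f is None or f["requests"] == 0:
        return ("no requests seen on LAN: the ping never made it through the tunnel; "
                "check VPN routes and the firewall rules on the VPN interface")
    if f["replies"] == 0:
        return ("requests arrive, no replies: the target host is not answering; "
                "check its own firewall and its default gateway")
    return ("requests and replies both seen on LAN: the return path is the problem; "
            "check routes/NAT toward the remote site")


if __name__ == "__main__":
    flows = parse_capture(SAMPLE_CAPTURE)
    for (remote, local), counts in sorted(flows.items()):
        print(f"{remote} -> {local}: {counts}  =>  {diagnose(flows, remote, local)}")
```

    Paste the capture text in place of SAMPLE_CAPTURE (or read it from the file the firewall lets you download) and run the script; the three verdicts correspond to the three things the capture can show on the LAN side.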

  • Unfortunately it's not client firewalls either, I checked that.
    I can only think it's broken for me (or me that's broken!).
    I'm going to see if IPsec works any better, or helps me diagnose the problem, but that's not looking good at the moment either.
    That's saying auth failed, when the pre-shared secret is definitely identical.
    I'm clearly missing something obvious and daft!
    Trawl the internet and read and re-read the docs, I guess.

    No idea what is going on with OpenVPN and site-to-site, but I got IPsec working fairly quickly.
    So I'm happier with IPsec for site-to-site anyway - I can only think there is something broken with OpenVPN site-to-site with my setup somehow.
