Netgate Discussion Forum

    Site to Site shared key some devices cannot be reached

    OpenVPN
    • G
      gladston3 last edited by

      Hello,

      I created an OpenVPN site-to-site tunnel in shared key mode and everything works more or less. Unfortunately some devices cannot be accessed through the tunnel while the rest work fine. The devices which don't work cannot even be pinged. I also wasn't able to find any commonality between the devices which cannot be reached. It's one Hyper-V host, 2 Synology NAS and an HP network printer. The other way round, one NAS is not reachable.

      This isn't my first site to site tunnel and I am out of ideas now ):

      Here are my configurations:

      http://pho.to/AkH2x

      I hope someone has an idea or finds a mistake I made.

      Thank you very much in advance
      cheers
      -gladston3

      • G
        gladston3 last edited by

        OK, I investigated this a little bit further. From the firewalls I can ping all the foreign devices successfully. So I guess the firewall must block some selectively. Is there any chance I can find out the reason? I looked into Status > System Logs > Firewall but wasn't able to find anything.

        I also tried an IPsec tunnel but exactly the same devices weren't reachable again.

        Thanks in advance
        cheers
        -gladston3

        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          Odds are your problem is not on pfSense, but with the local devices. They may have a local firewall on them set to drop off-subnet traffic.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Or no default gateway set or a default gateway set that is not pfSense.

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • G
              gladston3 last edited by

              It definitely was something on pfSense. Since I ran out of time I had to replace both of them with something else. Changed nothing else and it instantly worked. Pretty unsatisfying though. Really would have wanted to know what exactly was causing the problem. Also very unfortunate that paid support by incident is no longer available. Definitely would have been willing to pay for support for that, but with the new contracts-only system it would have cost me almost $2000 /:
