Site to Site shared key some devices cannot be reached



  • Hello,

    I created an openvpn site to site tunnel in shared key mode and everything works more or less. Unfortunately some devices cannot be accessed through the tunnel while the rest works fine. The devices which don't work cannot even be pinged. I also wasn't able to find any commonality between the devices which cannot be reached. It's one hyper-v host, 2 synology nas and an hp network printer. The other way round one nas is not reachable.

    This isn't my first site to site tunnel and I am out of ideas now ):

    Here are my configurations:

    http://pho.to/AkH2x

    I hope someone has an idea or finds a mistake I did.

    Thank you very much in advance
    cheers
    -gladston3



  • Ok I investigated this a little bit further. From the firewalls I can ping the all the foreign devices successfully. So I guess the firewall must block some selectively. Is there any chance I can find out the reason? I looked into status –> system logs --> firewall but wasn't able to find something.

    I also tried an IPsec tunnel but exactly the same devices weren't reachable again.

    Thanks in advance
    cheers
    -gladston3


  • Rebel Alliance Developer Netgate

    Odds are your problem is not on pfSense, but with the local devices. They may have a local firewall on them set to drop off-subnet traffic.


  • Netgate

    Or no default gateway set or a default gateway set that is not pfSense.



  • It definitely was something on pfSense. Since I ran out of time I had to replace both of them with something else. Changed nothing else and it instantly worked. Pretty unsatisfying though. Really would have wanted to know what exactly was causing the problem. Also very unfortunate that paid support by incident is no longer available. Definitely would have been willing to pay for support for that but with the new contracts only system it would have cost me almost $2000 /: