Netgate Discussion Forum

    Communication between two devices not working over Site to Site OpenVPN

      kranitz

      Hi all,

      I have a site to site VPN connection set up between two pfSense boxes with the intention of letting a surveillance camera system at one site talk to a NAS at another site.

      While I can ping devices from the firewall on either side and get great response, I cannot get the devices to talk…

      I have a rule (firewall/rules/openvpn) set up on both pfSense to allow ALL traffic.

      When I capture packets, the only thing I keep seeing is this:
      10.10.101.20 > 10.10.100.25: ICMP echo request, id 17168, seq 1, length 64
      18:48:47.800469 AF IPv4 (2), length 88: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)

      I never see an echo reply on the capture on either side!

      It's basically saying the same thing on the other pfSense when capturing packets. ICMP requests and that's all.

      Any ideas on why the security camera NVR cannot initialize the NFS connection with the Synology NAS?

      Thanks in advance,

      Mitch

        viragomann

        Are the VPN endpoints the default gateway in their respective networks?
        Responses will be sent to the default gateway.

          kranitz

          Uhhhh. um. I know enough to screw things up, but I'm not totally sure how to go about verifying that! Can you help? (and can you fly out here and log on and configure it for me too!!) just kidding!

            kranitz

            Each device (NAS, NVR) on either end has the default gateway set as the pfSense.

              viragomann

              @kranitz:

              While I can ping devices from the firewall on either side and get great response, I cannot get the devices to talk…

              Do you also get responses if you select another source address like WAN or OpenVPN server?

              If you don't get a response with sources other than the default, you should consider that the NAS may block access from IP addresses which do not belong to its own subnet.

                chpalmer

                I've never had very good luck, for whatever reason, using "Any Any" in firewall rules. Pick "LAN network" for destination and "Network" for source with the remote network parameters filled in.

                If you don't get a response with sources other than the default, you should consider that the NAS may block access from IP addresses which do not belong to its own subnet.

                Some cameras as well do this.

                Triggering snowflakes one by one..
                Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                  kranitz

                  Well, I ended up blowing away all the OpenVPN settings and rules I had created, then created a new site-to-site PKI OpenVPN connection, and then I created Client Specific Overrides (iroute x.x.x.x y.y.y.y) and voila! IT WORKED!

                  THANKS so much for all your suggestions - much appreciated…

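The fix described in the last post, written out as raw OpenVPN directives for a PKI (TLS) site-to-site server. This is an added example, not the poster's configuration: the /24 masks, which site runs the server, the tunnel network 10.99.0.0/24, the ccd path and the certificate common name `site-b` are assumptions; only the 10.10.100.x and 10.10.101.x addresses come from the capture in the first post.

```conf
# ===== Server site (assumed LAN 10.10.100.0/24): server.conf =====
# ca/cert/key/dh and port/proto directives omitted; they do not affect routing.
dev tun
topology subnet
server 10.99.0.0 255.255.255.0          # tunnel network (constructed value)

# Kernel route: hand traffic for the remote LAN to the OpenVPN process.
route 10.10.101.0 255.255.255.0

# Tell the connecting site how to reach the server-side LAN.
push "route 10.10.100.0 255.255.255.0"

# Directory of per-client files, one per certificate common name.
client-config-dir /etc/openvpn/ccd      # path is an assumption

# ===== Server site: /etc/openvpn/ccd/site-b =====
# The file name must equal the client certificate's common name
# (hypothetical here: site-b). On pfSense this file is what a
# Client Specific Override generates.
#
# Internal route: tells OpenVPN which connected client owns 10.10.101.0/24.
# With "route" but no matching "iroute", the kernel passes packets to
# OpenVPN, but OpenVPN has no client mapped to that subnet and drops them.
# Packets arriving from the client with a 10.10.101.x source are dropped
# for the same reason.
iroute 10.10.101.0 255.255.255.0
```

When the `iroute` is missing, the server's OpenVPN log typically shows `MULTI: bad source address from client [...], packet dropped` for traffic originating behind the client, which is a quick way to confirm this cause before rebuilding the tunnel.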