OpenVPN site-to-site problem



  • Hello,

    I've 2 sites:

    • The first had an ADSL internet connection. This site will host the "server". Local IP: 192.168.0.0/24
    • The second had a 4G router. Behind this router, a pfSense server. This site hosts the "client". Local IP: 192.168.10.0/24
    • Tunnel address: 10.0.0.0/24

    The OpenVPN tunnel is OK, thanks to this howto (in French)

    For test purposes, I've made a pass-all rule on "WAN" (I have only one physical interface available on each pfSense) and on "OpenVPN" interfaces. This, on each pfSense.
    I also unchecked the two boxes "Block private networks and loopback addresses" and "Block bogon networks" on the WAN interfaces on each pfSense.

    From client (10.0.0.1 - 192.168.10.10) to server (10.0.0.2 - 192.168.0.10), I can ping the VPN IP address but not the remote network address. And vice versa.

    Is there something I've forgotten?

    Thanks

    Nicolas



  • We need more clarity on the two networks and how they're connected.  Instead of making assumptions, please provide a network map.

    Also, post the server1.conf from the server and the client1.conf from the client.


  • The only rule you need on WAN for OpenVPN is the one on the server side passing the tunnel traffic itself (Default: any to WAN address port UDP/1194)

    After that, each site allows traffic in from the OpenVPN tunnel using rules on the OpenVPN tab.

    The any rule on WAN should probably be deleted or disabled immediately.

    A simple test is if you can ping the pfsense LAN interface address on the other side. If you can ping that, then the tunnel is working.

    If you can ping that and NOT something on the LAN you need to check that client for firewalls on it and routing (default route goes back to pfSense).
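The ping ladder described in this reply (tunnel peer, then the far-side pfSense LAN address, then a LAN host), as an added example that is not from the thread; the pfSense LAN gateway address 192.168.0.1 is an assumption, the other addresses come from the question, and the pinger is injectable so the logic can be exercised without a live tunnel.

```python
import subprocess
from typing import Callable

# Addresses from the thread's topology, seen from the client site.
SERVER_TUNNEL_IP = "10.0.0.2"        # remote OpenVPN tunnel address (from the post)
SERVER_LAN_GATEWAY = "192.168.0.1"   # ASSUMED pfSense LAN address at the server site
SERVER_LAN_HOST = "192.168.0.10"     # a host on the remote LAN (from the post)

# Each rung of the ladder maps to the place to look when it is the first one to fail.
DIAGNOSIS = {
    "tunnel":  "tunnel not up: check the WAN rule for UDP/1194 on the server side and OpenVPN status",
    "lan_gw":  "tunnel up but remote pfSense LAN unreachable: check remote networks in the "
               "OpenVPN config and the pass rules on the OpenVPN tab of the far side",
    "lan_host": "remote pfSense reachable but LAN host is not: check the host's own firewall "
                "and that its default route points back at pfSense",
    "ok":      "all three rungs reachable: site-to-site routing is working",
}


def icmp_ping(host: str, timeout_s: int = 2) -> bool:
    """Send one ICMP echo request with the Linux ping binary; True on reply."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def first_failing_rung(ping: Callable[[str], bool] = icmp_ping,
                       tunnel_ip: str = SERVER_TUNNEL_IP,
                       lan_gw: str = SERVER_LAN_GATEWAY,
                       lan_host: str = SERVER_LAN_HOST) -> str:
    """Walk the ladder in order and return the name of the first rung that fails, or 'ok'."""
    for name, target in (("tunnel", tunnel_ip), ("lan_gw", lan_gw), ("lan_host", lan_host)):
        if not ping(target):
            return name
    return "ok"


def diagnose(ping: Callable[[str], bool] = icmp_ping) -> str:
    """Human-readable diagnosis for the first failing rung."""
    return DIAGNOSIS[first_failing_rung(ping)]


if __name__ == "__main__":
    print(diagnose())
```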
