Netgate Discussion Forum
    OpenVPN site-to-site problem

    Posted by tabtab:
      Hello,

      I have 2 sites:

      • The first has an ADSL internet connection. This site will host the "server". Local IP: 192.168.0.0/24
      • The second has a 4G router; behind this router is a pfSense box. This site hosts the "client". Local IP: 192.168.10.0/24
      • Tunnel address: 10.0.0.0/24

      The OpenVPN tunnel is OK, thanks to this howto (in French).

      For test purposes, I've made a pass-all rule on the "WAN" interface (I have only one physical interface available on each pfSense) and on the "OpenVPN" interface, on each pfSense.
      I also unchecked the two boxes "Block private networks and loopback addresses" and "Block bogon networks" on the WAN interface of each pfSense.

      From the client (10.0.0.1 / 192.168.10.10) to the server (10.0.0.2 / 192.168.0.10), I can ping the VPN IP address but not the remote network address, and vice versa.

      Is there something I've forgotten?

      Thanks

      Nicolas

      Reply by marvosa:

        We need more clarity on the two networks and how they're connected. Instead of making assumptions, please provide a network map.

        Also, post the server1.conf from the server and the client1.conf from the client.

        Reply by Derelict (Netgate):

          The only rule you need on WAN for OpenVPN is the one on the server side passing the tunnel traffic itself (default: any to WAN address, UDP port 1194).

          After that, each site allows traffic in from the OpenVPN tunnel using rules on the OpenVPN tab.

          The any rule on WAN should probably be deleted or disabled immediately.

          A simple test is whether you can ping the pfSense LAN interface address on the other side. If you can ping that, then the tunnel is working.

          If you can ping that and NOT something on the LAN, you need to check that client for firewalls on it and routing (the default route must go back to pfSense).

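The rule-set advice in the reply above, modelled as a small first-match packet filter. This is an added example, not code from the thread or from pfSense: it uses a simplified pfSense-style evaluation (rules on an interface tab are checked top to bottom, first match wins, unmatched inbound traffic is blocked) and compares the poster's "pass all on WAN" configuration against the minimal one recommended in the reply (one UDP/1194 rule on WAN, traffic from the tunnel allowed on the OpenVPN tab). The public address 203.0.113.10 and the scanner address 198.51.100.7 are constructed for the example; the LAN, tunnel and host addresses are the ones from the original post.

```python
"""Toy first-match firewall to compare WAN rule sets for an OpenVPN site-to-site link.

Not pf or pfSense code; it only models the behaviour the reply describes:
rules per interface, evaluated in order, default deny for inbound traffic.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed addresses for the example (TEST-NET ranges, not from the thread).
SERVER_WAN_ADDR = "203.0.113.10"   # public address of the ADSL site
INTERNET_SCANNER = "198.51.100.7"  # some unrelated host on the Internet


@dataclass(frozen=True)
class Packet:
    iface: str                 # interface the packet arrives on: "WAN" or "OpenVPN"
    proto: str                 # "udp", "tcp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    iface: str
    action: str                # "pass" or "block"
    proto: str = "any"
    src: str = "any"           # "any", a host, or a CIDR prefix
    dst: str = "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.iface == pkt.iface
                and self.proto in ("any", pkt.proto)
                and _addr_match(self.src, pkt.src)
                and _addr_match(self.dst, pkt.dst)
                and self.dport in (None, pkt.dport))


def _addr_match(spec: str, addr: str) -> bool:
    """'any' matches everything; otherwise membership in the host/prefix."""
    if spec == "any":
        return True
    return ip_address(addr) in ip_network(spec, strict=False)


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule on the packet's interface decides; default is block."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


def audit(rules: List[Rule]) -> List[str]:
    """Flag WAN pass rules that are not pinned to a protocol and port."""
    findings = []
    for rule in rules:
        if (rule.iface == "WAN" and rule.action == "pass"
                and rule.proto == "any" and rule.src == "any" and rule.dport is None):
            findings.append("WAN pass-all rule: every service on the firewall "
                            "and anything it routes is reachable from the Internet")
    return findings


# What the original poster set up "for test purposes": pass all on WAN and on OpenVPN.
OVERLY_PERMISSIVE = [
    Rule("WAN", "pass"),
    Rule("OpenVPN", "pass"),
]

# What the reply recommends: only the tunnel itself on WAN, then rules on the OpenVPN tab.
RECOMMENDED = [
    Rule("WAN", "pass", proto="udp", dst=SERVER_WAN_ADDR, dport=1194),
    Rule("OpenVPN", "pass", src="10.0.0.0/24"),                        # tunnel endpoint tests
    Rule("OpenVPN", "pass", src="192.168.10.0/24", dst="192.168.0.0/24"),  # client LAN -> server LAN
]

# Sample packets (constructed): the tunnel handshake, an SSH probe from the Internet,
# and the two pings from the original post arriving through the tunnel.
TUNNEL_HANDSHAKE = Packet("WAN", "udp", INTERNET_SCANNER, SERVER_WAN_ADDR, 1194)
SSH_PROBE = Packet("WAN", "tcp", INTERNET_SCANNER, SERVER_WAN_ADDR, 22)
TUNNEL_PING = Packet("OpenVPN", "icmp", "10.0.0.1", "10.0.0.2")
LAN_PING = Packet("OpenVPN", "icmp", "192.168.10.10", "192.168.0.10")


if __name__ == "__main__":
    for name, rules in (("pass-all", OVERLY_PERMISSIVE), ("recommended", RECOMMENDED)):
        print(name, audit(rules))
        for pkt in (TUNNEL_HANDSHAKE, SSH_PROBE, TUNNEL_PING, LAN_PING):
            print("  ", pkt.iface, pkt.proto, pkt.src, "->", pkt.dst, pkt.dport, evaluate(rules, pkt))
```

Both rule sets let the OpenVPN handshake and the two tunnel pings through, so the pass-all rule on WAN buys the poster nothing for the symptom described (tunnel address reachable, remote LAN not); it only adds exposure, which is why the reply says to remove it first. The remaining difference is in the SSH probe: passed by the pass-all set, blocked by the recommended one.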
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.