    OpenVPN site-to-site problem
    tabtab wrote:

      Hello,

      I have 2 sites:

      • The first has an ADSL internet connection. This site will host the "server". Local IP: 192.168.0.0/24
      • The second has a 4G router. Behind this router, a pfSense server. This site hosts the "client". Local IP: 192.168.10.0/24
      • Tunnel address: 10.0.0.0/24

      The OpenVPN tunnel is OK, thanks to this howto (in French).

      For test purposes, I've made a pass-all rule on "WAN" (I have only one physical interface available on each pfSense) and on the "OpenVPN" interface. This is done on each pfSense.
      I also unchecked the two boxes "Block private networks and loopback addresses" and "Block bogon networks" on the WAN interface of each pfSense.

      From the client (10.0.0.1 - 192.168.10.10) to the server (10.0.0.2 - 192.168.0.10), I can ping the VPN IP address but not the remote network address, and vice versa.

      Is there something I've forgotten?

      Thanks

      Nicolas

      marvosa wrote:

        We need more clarity on the two networks and how they're connected. Instead of making assumptions, please provide a network map.

        Also, post the server1.conf from the server and the client1.conf from the client.

        Derelict (Netgate) wrote:

          The only rule you need on WAN for OpenVPN is the one on the server side passing the tunnel traffic itself (default: any to WAN address, port UDP/1194).

          After that, each site allows traffic in from the OpenVPN tunnel using rules on the OpenVPN tab.

          The any rule on WAN should probably be deleted or disabled immediately.

          A simple test is if you can ping the pfsense LAN interface address on the other side. If you can ping that, then the tunnel is working.

          If you can ping that and NOT something on the LAN, you need to check that client for firewalls on it and routing (default route goes back to pfSense).

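The ping ladder described in the reply above, written out as a small script. This is an added example for the thread, not code from the forum, from pfSense or from either poster. The tunnel and host addresses are the ones in the opening post; the two pfSense LAN interface addresses (192.168.10.1 and 192.168.0.1) are assumptions, since the post only gives the host addresses. `triage()` takes a probe function so the ladder can be run with the real `ping()` from a host on the client LAN, or with a fake for testing; `default_gateway_ok()` checks the "default route goes back to pfSense" point by parsing Linux `ip route` output (constructed sample text is used in the test).

```python
"""Connectivity triage for a pfSense OpenVPN site-to-site link.

Added example for this thread, not code from the forum or from pfSense. It
walks the ladder from the reply above: tunnel peer, then the remote pfSense
LAN address, then a host on the remote LAN, and finally the local host's
default route. Addresses come from the opening post; the two LAN interface
addresses (.1 on each side) are assumptions.
"""
import ipaddress
import platform
import subprocess
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class Site:
    name: str
    tunnel_ip: str   # this side's address inside the 10.0.0.0/24 tunnel
    lan_gw: str      # this pfSense's LAN interface address (assumed to be .1)
    lan: str         # LAN subnet behind this pfSense


CLIENT = Site("client", "10.0.0.1", "192.168.10.1", "192.168.10.0/24")
SERVER = Site("server", "10.0.0.2", "192.168.0.1", "192.168.0.0/24")


def ping(host: str, timeout_s: int = 2) -> bool:
    """Send one ICMP echo with the OS ping binary; True when it is answered."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def triage(probe: Callable[[str], bool], remote: Site,
           remote_host: str) -> Tuple[str, str]:
    """Run the three probes in order and stop at the first failure.

    probe(host) -> bool is the real ping() or a fake for testing.
    Returns (stage, advice); stage is 'tunnel', 'openvpn-rules', 'host' or 'ok'.
    """
    if ipaddress.ip_address(remote_host) not in ipaddress.ip_network(remote.lan):
        raise ValueError(f"{remote_host} is not inside {remote.lan}")
    if not probe(remote.tunnel_ip):
        return ("tunnel",
                f"{remote.tunnel_ip} unreachable, so the tunnel is not up: check "
                "the server-side WAN rule (any to WAN address, UDP/1194) and the "
                "OpenVPN logs on both sides.")
    if not probe(remote.lan_gw):
        return ("openvpn-rules",
                f"tunnel is up but {remote.lan_gw} does not answer: check the "
                "pass rules on the OpenVPN tab of both firewalls.")
    if not probe(remote_host):
        return ("host",
                f"{remote.name} pfSense answers but {remote_host} does not: check "
                "that host's own firewall and that its default route is "
                f"{remote.lan_gw}.")
    return ("ok", f"{remote_host} reachable through the tunnel")


def default_gateway_ok(ip_route_output: str, expected_gw: str) -> bool:
    """True when Linux `ip route` text contains 'default via <expected_gw>'."""
    for line in ip_route_output.splitlines():
        fields = line.split()
        if fields[:1] == ["default"] and "via" in fields:
            return fields[fields.index("via") + 1] == expected_gw
    return False


if __name__ == "__main__":
    # Run from a host on the client LAN (192.168.10.0/24) against the server site.
    stage, advice = triage(ping, SERVER, "192.168.0.10")
    print(f"[{stage}] {advice}")
    if platform.system() == "Linux":
        routes = subprocess.run(["ip", "route"], capture_output=True,
                                text=True).stdout
        print("default route via pfSense:",
              default_gateway_ok(routes, CLIENT.lan_gw))
```

The stage names map onto the reply's reasoning: a dead tunnel peer points at the server's WAN rule and the OpenVPN service itself, an unreachable remote pfSense LAN address points at the OpenVPN-tab rules, and a reachable pfSense with an unreachable host points at that host's firewall or default route. The `ping` flags (`-c`/`-W` on Unix-like systems, `-n`/`-w` on Windows) and the `ip route` parsing are assumptions about the machine the script runs on.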