Site to site between 4 offices



  • Dear All,
    We have 4 offices all over the country, we have 4 hardware pfSense installed and we are happy with the performance.
    Today we have built 4 OpenVPN site-to-site tunnels between the offices and it does work fine (thank you for the software).
    One of the offices has 5 VLANs, which we managed to get the tunnel up and running for. However, from the server side we can reach the machines on the client side (we can RDP to the servers there), but from the client side we can't ping or connect to the servers behind the server LAN. The screenshot below is an example of how it's configured.

    I've looked at the firewall logs on both firewalls but can't seem to find any block.
    Can someone please advise where to look? The version we are using is 2.4.3.

    Thank you



  • Do you have rules to allow access to the VLANs? I have attached an example.




  • Thank you for your answer,
    yes, for each VLAN we have the rules to allow from VLAN30 to any to any.


  • Netgate

    Version 2.4.3? You mean the development version? Current production version is 2.4.2-patch1.

    You are not providing enough information for anyone to help you.

    You need to at least provide what networks are where and what local and remote networks are defined on the OpenVPN configurations.

    What kind of OpenVPN matters too. Is it SSL/TLS? Are they all connecting to one server or do they all have their own? etc.

    See the diagram in my sig for a hint at what kind of information is required.



  • @Derelict:

    Version 2.4.3? You mean the development version? Current production version is 2.4.2-patch1.

    You are not providing enough information for anyone to help you.

    You need to at least provide what networks are where and what local and remote networks are defined on the OpenVPN configurations.

    What kind of OpenVPN matters too. Is it SSL/TLS? Are they all connecting to one server or do they all have their own? etc.

    See the diagram in my sig for a hint at what kind of information is required.

    Thank you for your answer,
    yes, I mean version 2.4.2-patch1.

    Server network is 10.10.10.0/24
    Client network is 10.10.20.0/24
    The OpenVPN we are using is an SSL peer-to-peer (shared key) with AES 256-bit algorithm and SHA-512.
    Tunnel IP is 10.6.0.0/24
    Each office is connecting to the same server and each tunnel has its own IP:
    10.6.0.0/24
    10.7.0.0/24
    10.8.0.0/24

    I hope I've provided enough information.
    I would like to create such a diagram, but which program can I use?


  • Netgate

    The OpenVPN we are using is an SSL peer-to-peer (shared key)

    A Peer-to-Peer OpenVPN server is either SSL/TLS or Shared key. It cannot be both. How is yours actually configured?

    Maybe post screen shots instead of an approximation of what you think you have done.



  • @Derelict:

    The OpenVPN we are using is an SSL peer-to-peer (shared key)

    A Peer-to-Peer OpenVPN server is either SSL/TLS or Shared key. It cannot be both. How is yours actually configured?

    Maybe post screen shots instead of an approximation of what you think you have done.

    It is shared key, no SSL. Thank you.


  • Netgate

    OK so on each client side you need:

    Remote Networks: 10.10.10.0/24,10.10.20.0/24

    On the server instance for the first office you need:

    Remote Networks: Remote networks on that side of the connection

    Same for the server instances for the other two offices.

    Firewall rules on the OpenVPN tab or the assigned interface tabs have to pass the desired traffic from the remote sites.
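    The checklist above (each client's Remote Networks must list every subnet on the server side, each server instance's Remote Networks must list that client's subnets, and firewall rules must pass the traffic) is easy to get wrong in one direction only, which is exactly the symptom in this thread: the hub can reach the spoke, the spoke cannot reach the hub. The script below is an added example, not part of this thread or of pfSense; it models the Remote Networks field of each site as a list of subnets and reports every remote LAN a site has no tunnel route for, plus the site pairs where routing works one way only. The site names and the 10.10.30.0/24 and 10.10.40.0/24 VLAN subnets are constructed for the example; the 10.10.10.0/24 hub and 10.10.20.0/24 spoke subnets come from the thread. The `route_lines` helper renders the OpenVPN `route` directives that a Remote Networks entry corresponds to in shared-key mode (an assumption about the generated config, stated here rather than taken from the thread).

```python
"""Reachability check for a hub-and-spoke OpenVPN shared-key setup.

Added example (not from the thread or from pfSense). Site names and the
10.10.30.0/24 / 10.10.40.0/24 VLANs are constructed; 10.10.10.0/24 (hub)
and 10.10.20.0/24 (spoke) are the subnets given in the thread.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    lans: tuple             # subnets behind this site's pfSense
    remote_networks: tuple  # what is typed into the OpenVPN "Remote Networks" field


def _covered(subnet, remote_networks):
    """True if subnet lies inside one of the Remote Networks entries."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(ipaddress.ip_network(r)) for r in remote_networks)


def unreachable(sites):
    """(from_site, to_site, subnet) for every remote LAN that from_site has no
    tunnel route for. Without a Remote Networks entry pfSense never sends that
    traffic into the tunnel, so no firewall rule can make it work."""
    gaps = []
    for src in sites:
        for dst in sites:
            if src is dst:
                continue
            for lan in dst.lans:
                if not _covered(lan, src.remote_networks):
                    gaps.append((src.name, dst.name, lan))
    return sorted(gaps)


def one_way_pairs(sites):
    """Site pairs where traffic is routed in one direction only: the classic
    'server can RDP to the client side, client cannot ping the server LAN'."""
    gaps = {(a, b) for a, b, _ in unreachable(sites)}
    return sorted((a, b) for a, b in gaps if (b, a) not in gaps)


def route_lines(site):
    """OpenVPN 'route' directives equivalent to the site's Remote Networks.
    Assumption: in shared-key point-to-point mode nothing is pushed, so each
    side needs a static route for every subnet on the other side."""
    lines = []
    for r in site.remote_networks:
        net = ipaddress.ip_network(r)
        lines.append(f"route {net.network_address} {net.netmask}")
    return lines


# Constructed topology: HQ runs one server instance per spoke; the hub-side
# Remote Networks below is the union of those instances' entries.
SITES = (
    Site("HQ", ("10.10.10.0/24", "10.10.30.0/24"), ("10.10.20.0/24", "10.10.40.0/24")),
    Site("Office2", ("10.10.20.0/24",), ()),  # Remote Networks left blank: one-way
    Site("Office3", ("10.10.40.0/24",), ("10.10.10.0/24", "10.10.30.0/24", "10.10.20.0/24")),
)


if __name__ == "__main__":
    for src, dst, lan in unreachable(SITES):
        print(f"{src} has no tunnel route to {lan} at {dst}")
    for a, b in one_way_pairs(SITES):
        print(f"one-way only: {b} -> {a} works, {a} -> {b} does not")
    print("\n".join(route_lines(SITES[2])))
```

    Running it lists the three subnets Office2 cannot reach and flags both HQ and Office3 as one-way pairs with Office2; once the missing subnets are added to Office2's Remote Networks, `unreachable` returns an empty list and only the firewall rules on the OpenVPN tab remain to be checked.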



  • @Derelict:

    OK so on each client side you need:

    Remote Networks: 10.10.10.0/24,10.10.20.0/24

    On the server instance for the first office you need:

    Remote Networks: Remote networks on that side of the connection

    Same for the server instances for the other two offices.

    Firewall rules on the OpenVPN tab or the assigned interface tabs have to pass the desired traffic from the remote sites.

    This is correct.
    Each office has allow any to any on the OpenVPN interface, but the issue now is internal: from the client side we can't reach the server.
    I see we have floating rules on the client side; would this be affecting the routes? Also, we are using multi-WAN on this office.

    Thank you for your continued support.


  • Netgate

    Please use specific IP addresses and a specific mode of testing so people can know exactly what you're talking about.

    Thanks.