OpenVPN Site to Site Issue



  • The site to site connection is UP and when doing a ping test from pfSense diagnostics, the VPN Client can ping the tunnel network IP on the client and server side. It can also ping the remote network IP of the OVPN Server/pfSense IP.

    When I try to ping the same IPs from a workstation on the client side, I can only ping the local tunnel network IP and not the remote tunnel network IP or the OVPN server.

    I have checked other postings and tried a few things but still cannot figure out how to fix this. I assume it's routing so looking for what commands I need to add to the options box.



  • The routing is set by the "Remote networks" box on both the server and client config. Have you set this?

    Are both server and client pfSense the default gateways in the networks behind?



  • I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

    I have set up the default gateway as well for both sides of the networks.

    For something different, I reversed the setup of who is server and client. I found that I was able to ping from a workstation the local and remote tunnel IP but not the client's local gateway IP.
    During testing I inadvertently had both VPN setups running and found that I could ping from a workstation the client gateway local IP.

    Not sure if that info helps…



  • Would you share the settings and tell what your network range is on both sites?



  • @nomisnak:

    > I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

    Wat. Remote network field only appears for the device configured as the "server" - "client" side does not get that field.



  • I'm also having this same issue. Anyone got any further suggestions on a solution?


  • LAYER 8 Netgate

    > Wat. Remote network field only appears for the device configured as the "server" - "client" side does not get that field.

    Server and Client both have remote networks field in a point-to-point configuration. It is the only way to add the kernel routes that forward the traffic into OpenVPN when you can't push them to the client.

    Look at the diagram in my sig.

    If Host B1 (172.25.233.100) cannot ping Host A1 (172.25.232.100) can it ping the far side pfSense interface (172.25.232.1) ??

    If so, check the LOCAL firewall (think windows firewall) on host 172.25.232.100.



  • Post the server1.conf from the server and the client1.conf from the client, so we can offer a targeted troubleshooting effort.

    I see one issue right off the bat:

    > I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

    In a routed solution, all LAN subnets have to be unique and non-overlapping… i.e. the server-side LAN has to be different than the client-side LAN, which should be reflected accordingly in the IPv4 Remote network(s) box on both sides.
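
The non-overlap rule from the last reply can be checked mechanically. The following is an added example, not part of the thread or of pfSense: it assumes the "IPv4 Remote Network(s)" entries show up in server1.conf and client1.conf as OpenVPN `route` directives, assumes /24 LANs around the host addresses mentioned above, and uses constructed config text.

```python
import ipaddress

def parse_routes(conf_text):
    """Networks from OpenVPN `route <network> [netmask]` lines in a config.
    A netmask that is not dotted-quad raises ValueError."""
    nets = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()      # drop trailing comments
        if len(parts) >= 2 and parts[0] == "route":
            # OpenVPN treats a route without a netmask as a host route
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nets

def check_side(name, own_lan, peer_lan, conf_text):
    """A side must route the peer's LAN into the tunnel, never its own LAN."""
    own, peer = ipaddress.ip_network(own_lan), ipaddress.ip_network(peer_lan)
    routes = parse_routes(conf_text)
    problems = [f"{name}: route {r} overlaps own LAN {own}"
                for r in routes if r.overlaps(own)]
    if not any(peer.subnet_of(r) for r in routes):
        problems.append(f"{name}: no route covers peer LAN {peer}")
    return problems

def check_pair(lan_a, conf_a, lan_b, conf_b):
    """Validate both ends of a point-to-point tunnel; returns a list of problems."""
    problems = []
    if ipaddress.ip_network(lan_a).overlaps(ipaddress.ip_network(lan_b)):
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    problems += check_side("site A", lan_a, lan_b, conf_a)
    problems += check_side("site B", lan_b, lan_a, conf_b)
    return problems

# Constructed sample: the /24 prefixes and config lines are assumptions.
LAN_A, LAN_B = "172.25.232.0/24", "172.25.233.0/24"
CONF_A = "dev tun\nroute 172.25.233.0 255.255.255.0  # remote = site B LAN\n"
CONF_B = "dev tun\nroute 172.25.232.0 255.255.255.0  # remote = site A LAN\n"

if __name__ == "__main__":
    print(check_pair(LAN_A, CONF_A, LAN_B, CONF_B))   # correct mirror-image setup
    print(check_pair(LAN_A, CONF_A, LAN_B, CONF_A))   # same remote network on both sides
```
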

