Netgate Discussion Forum

    OpenVPN Site to Site Issue

      nomisnak

      The site-to-site connection is UP, and when doing a ping test from pfSense diagnostics, the VPN client can ping the tunnel network IP on the client and server side. It can also ping the remote network IP of the OVPN server/pfSense IP.

      When I try to ping the same IPs from a workstation on the client side, I can only ping the local tunnel network IP and not the remote tunnel network IP or the OVPN server.

      I have checked other postings and tried a few things but still cannot figure out how to fix this. I assume it's routing so looking for what commands I need to add to the options box.

        viragomann

        The routing is set by the "Remote networks" box on both the server and client config. Have you set this?

        Are both the server and client pfSense the default gateways in the networks behind them?

          nomisnak

          I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

          I have set up the default gateway as well for both sides of the networks.

          For something different, I reversed the setup of who is server and client. I found that I was able to ping the local and remote tunnel IP from a workstation, but not the client's local gateway IP.
          During testing I inadvertently had both VPN setups running and found that I could ping the client gateway local IP from a workstation.

          Not sure if that info helps…

            viragomann

            Would you share the settings and tell us what your network range is on both sites?

              moikerz

              @nomisnak:

              I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

              Wat. Remote network field only appears for the device configured as the "server" - "client" side does not get that field.

                SilentSausage93

                I'm also having this same issue. Anyone got any further suggestions on a solution?

                  Derelict LAYER 8 Netgate

                  Wat. Remote network field only appears for the device configured as the "server" - "client" side does not get that field.

                  Server and Client both have remote networks field in a point-to-point configuration. It is the only way to add the kernel routes that forward the traffic into OpenVPN when you can't push them to the client.

                  Look at the diagram in my sig.

                  If Host B1 (172.25.233.100) cannot ping Host A1 (172.25.232.100), can it ping the far side pfSense interface (172.25.232.1)?

                  If so, check the LOCAL firewall (think Windows Firewall) on host 172.25.232.100.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    marvosa

                    Post the server1.conf from the server and the client1.conf from the client, so we can offer a targeted troubleshooting effort.

                    I see one issue right off the bat:

                    I have set "IPv4 Remote Network(s)" on both client and server to use the same IP network.

                    In a routed solution, all LAN subnets have to be unique and non-overlapping… i.e. the server-side LAN has to be different than the client-side LAN, which should be reflected accordingly in the IPv4 Remote network(s) box on both sides.

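The subnet rule in the last reply can be checked before touching either firewall. This is an added example, not code from any poster in the thread or from pfSense: the function name, the /24 prefix lengths placed on the 172.25.232.x and 172.25.233.x addresses, the tunnel network, and which site acts as server are all assumptions.

```python
import ipaddress

def check_site_to_site(server, client, tunnel):
    """Return a list of problems in a point-to-point OpenVPN routing plan.

    server/client: dicts with 'lan' (CIDR) and 'remote' (list of CIDRs as
    entered in that side's "IPv4 Remote Network(s)" box). tunnel: CIDR.
    """
    net = ipaddress.ip_network
    problems = []
    tun = net(tunnel)
    lans = {"server": net(server["lan"]), "client": net(client["lan"])}

    # Routed setups need unique, non-overlapping LANs on each side.
    if lans["server"].overlaps(lans["client"]):
        problems.append(f"LANs overlap: {lans['server']} and {lans['client']}")
    for name, lan in lans.items():
        if lan.overlaps(tun):
            problems.append(f"{name} LAN {lan} overlaps tunnel network {tun}")

    # Each side's remote networks must point at the OTHER side's LAN.
    for name, side, peer in (("server", server, "client"),
                             ("client", client, "server")):
        remotes = [net(r) for r in side["remote"]]
        for r in remotes:
            if r.overlaps(lans[name]):
                problems.append(
                    f"{name} remote network {r} overlaps its own LAN {lans[name]}")
        if not any(lans[peer].subnet_of(r) for r in remotes):
            problems.append(
                f"{name} has no remote network covering the {peer} LAN {lans[peer]}")
    return problems

# Constructed sample plans; prefix lengths and tunnel network are assumed.
TUNNEL = "10.0.8.0/30"
GOOD = ({"lan": "172.25.232.0/24", "remote": ["172.25.233.0/24"]},
        {"lan": "172.25.233.0/24", "remote": ["172.25.232.0/24"]})
# One reading of "the same IP network" entered on both sides.
SAME_ON_BOTH = ({"lan": "172.25.232.0/24", "remote": ["172.25.233.0/24"]},
                {"lan": "172.25.233.0/24", "remote": ["172.25.233.0/24"]})

if __name__ == "__main__":
    for label, (srv, cli) in (("good", GOOD), ("same on both", SAME_ON_BOTH)):
        issues = check_site_to_site(srv, cli, TUNNEL)
        print(label, "->", issues or "no routing conflicts found")
```

A clean result only rules out a bad addressing plan; firewall rules on the OpenVPN interface and host firewalls still need checking separately.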
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.