OpenVPN site to site one-way problem



  • Hello guys,

    I am losing my head over here. I have successfully set up a Shared Key OpenVPN site-to-site connection between two offices.
    Office A is the VPN server's office.
    Office B is the VPN client's office.
    The tunnel is up and running, and I can ping normally from both LAN interfaces inside the pfSense Diagnostics > Ping menu. No problem pinging the other side's network from pfSense, then.

    I can also ping normally from Office A client PCs to Office B.

    But I can't ping anything from Office B through the VPN tunnel. The DHCP server's gateway is set to the firewall's IP, and the DNS as well (along with other DNS servers like 9.9.9.9). I have the DNS Forwarder enabled on both firewalls. How is this possible? It seems like when I ping Office A, it does not know how to route the traffic into the VPN tunnel. Should I add anything to NAT?

    By the way, I managed to make it work for two days. Then, after a restart of pfSense (or of the client PC I am working and testing on) in Office B, nothing works again. I suspect it has something to do with the DHCP server, but for the love of God, I can't locate the source of the problem.

    When I ping from my PC, I can see in the Packet Tracer (LAN) that it tries to ICMP the target, but there is no response.
    But in the Packet Tracer (VPN tunnel interface) nothing happens.

    So it does not push the packets into the VPN tunnel, is this the case?

    Please help…



  • Guys, problem solved.

    For some reason unknown to me yet, pfBlockerNG was blocking pings and HTTPS sites on the remote network. HTTP sites worked normally. Once I disabled pfBlockerNG, everything worked as expected. Now I have to find the setting in pfBlockerNG that allows the site-to-site VPN and pfBlockerNG to operate at the same time.

    Any recommendation is welcome.
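A check that fits the situation described in the post above, added here as an example and not taken from the thread or from pfBlockerNG itself: before disabling the package, find out which downloaded IP list (if any) actually contains the remote office's LAN subnet. The list entries below are constructed sample data, the alias names only mimic pfBlockerNG's naming, and the directory `/var/db/pfblockerng/deny/` for the live lists is an assumption about where the package keeps them on the firewall.

```python
import ipaddress
from pathlib import Path

# Constructed sample data standing in for pfBlockerNG's downloaded IP lists
# (one address or CIDR per line, '#' comments allowed). These entries are
# made up for the example; the list names only mimic pfBlockerNG's aliases.
SAMPLE_LISTS = {
    "pfB_PRI1_v4": [
        "# example feed",
        "203.0.113.0/24",
        "198.51.100.7",
        "192.168.0.0/16",   # a feed entry that swallows all of 192.168/16
    ],
    "pfB_Custom_v4": ["10.0.0.0/8"],
}


def parse_list(lines):
    """Turn blocklist lines into ip_network objects, skipping comments and junk."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # feeds sometimes carry stray text; ignore anything that is not an IP/CIDR
            continue
    return nets


def find_overlaps(remote_lan, lists):
    """Return (list_name, entry) pairs whose entry overlaps the remote LAN subnet."""
    remote = ipaddress.ip_network(remote_lan, strict=False)
    hits = []
    for name, lines in lists.items():
        for net in parse_list(lines):
            if net.version == remote.version and net.overlaps(remote):
                hits.append((name, str(net)))
    return hits


def load_lists_from_dir(directory):
    """Read every *.txt file in a list directory into {alias_name: lines}.

    Assumption: the deny lists live under /var/db/pfblockerng/deny/ on the
    firewall; adjust the path if your install differs.
    """
    lists = {}
    for path in sorted(Path(directory).glob("*.txt")):
        lists[path.stem] = path.read_text().splitlines()
    return lists


if __name__ == "__main__":
    import sys

    # usage: python3 check_lists.py 192.168.20.0/24 [/var/db/pfblockerng/deny]
    remote = sys.argv[1] if len(sys.argv) > 1 else "192.168.20.0/24"
    lists = load_lists_from_dir(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_LISTS
    hits = find_overlaps(remote, lists)
    if not hits:
        print(f"no list entry covers {remote}")
    for name, entry in hits:
        print(f"{remote} is covered by {entry} in {name}")
```

On the firewall itself the same question can be put to pf directly with `pfctl -t pfB_PRI1_v4 -T test 192.168.20.10` (substituting the alias name the script reports and an address on the far side), which tells you whether that address is in the loaded table. If a feed does cover the remote subnet, the usual remedies in pfBlockerNG are adding that subnet to a permit (whitelist) alias or putting the VPN pass rules ahead of the pfBlockerNG rules in the rule order; which one applies depends on the configuration, which the thread does not show.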

