Netgate Discussion Forum

    VPN Site to Site problem after accessing remote.

      rafaelmspc

      Guys, I will try to explain it in the best way and I hope you guys can help me.

      I have a Site to Site VPN (using IPsec) working perfectly. Let's call it Site A and Site B.
      My problem is, when I'm at my home and I connect to Site A (Client to Site using OpenVPN), I join my A network without problems, but I cannot ping anything on Site B.

      Any tips on what I can do?

        viragomann

        You need to set the routing between B and the OpenVPN tunnel network in IPsec.
        To do so you have to add a second phase 2 to the IPsec configuration.

          rafaelmspc

          Thanks for your help! I added a second phase but I cannot access site B yet. I'm posting my confs:

          My OpenVPN conf.

          10.0.3.0/24 = My OpenVPN network
          192.168.108.0/22 = My internal network
          172.16.0.0/16 = My Site B internal network (connected through IPsec site to site)

          My IPsec conf.
          The first entry of the second phase is part of my site-to-site VPN; the second entry is the route I added trying to follow your tip.

          Can you help?

          Thanks.

            viragomann

            Have you also added the second phase 2 on site B?

              rafaelmspc

              Still nothing =// Route added on site B. This is my conf file from the OpenVPN client:

              dev tun
              persist-tun
              persist-key
              proto udp
              cipher AES-128-CBC
              auth SHA1
              resolv-retry infinite
              remote 187.28.XX.XX 1198
              route 192.168.108.0 255.255.252.0
              ifconfig 172.25.1.2 172.25.1.1
              keepalive 10 60
              ping-timer-rem
              secret fwr-udp-1198.secret.key

              In my OpenVPN server, I set up the routes. Do I need to add something in my conf file?

                viragomann

                Seems to be a very old pfSense version.

                Don't know what client you're running. Doesn't it support pulling of routes, because you have stated the route for the LAN in the client config? If it doesn't support pulling routes, you also have to state the site B LAN here.

                Also, maybe the route line in the client config will thwart the push routes command from the server. Look in the client log for details.

                  rafaelmspc

                  I am using the latest OpenVPN client for Windows. I made tests by adding the routes just on the client and another just on the server; I did not succeed. My version of pfSense is really old: V 2.2.6.

                  I configured the routes on the server:

                  persist-tun
                  persist-key
                  push "route 172.25.1.0 255.255.255.0";
                  push "route 172.16.0.0 255.255.0.0";
                  

                  172.25…..my range on this tunnel
                  172.16....The range from lan of B site.

                    viragomann

                    I presume the routes on the client are not added by pushing from the server.
                    Check the client's routing table.

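The three checks suggested in this thread (the client's routing table, a second phase 2 on site A, and the matching phase 2 on site B) can be walked in order for one flow. This is an added example, not code from either poster. The phase 2 lists and the site B host address are constructed, and 172.25.1.0/24 is assumed to be the tunnel network, as in the later posts.

```python
from ipaddress import ip_address, ip_network

def covered(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(ip_address(addr) in ip_network(n) for n in nets)

def p2_match(src, dst, phase2):
    """True if some (local, remote) phase 2 pair carries src -> dst."""
    return any(ip_address(src) in ip_network(loc) and
               ip_address(dst) in ip_network(rem) for loc, rem in phase2)

def diagnose(src, dst, client_routes, p2_site_a, p2_site_b):
    """Return the first hop at which src -> dst would be dropped, or 'ok'."""
    if not covered(dst, client_routes):
        return "client: no route to destination via the tunnel"
    if not p2_match(src, dst, p2_site_a):
        return "site A: no phase 2 for tunnel network -> site B LAN"
    # Site B sees the mirror image: its local net holds dst, its remote holds src.
    if not p2_match(dst, src, p2_site_b):
        return "site B: no mirrored phase 2 for the reply traffic"
    return "ok"

# From the thread: client tunnel address and the only route line in the
# posted client config (routes the client accepts by push would be added).
CLIENT_IP = "172.25.1.2"
ROUTES_POSTED = ["192.168.108.0/22"]
ROUTES_WITH_B = ROUTES_POSTED + ["172.16.0.0/16"]

# Constructed inputs: a host inside site B's LAN and the phase 2 lists
# (the thread's IPsec configuration is not shown on the page).
SITE_B_HOST = "172.16.0.10"
P2_A = [("192.168.108.0/22", "172.16.0.0/16"),
        ("172.25.1.0/24", "172.16.0.0/16")]
P2_B = [("172.16.0.0/16", "192.168.108.0/22"),
        ("172.16.0.0/16", "172.25.1.0/24")]

if __name__ == "__main__":
    cases = [(ROUTES_POSTED, P2_A, P2_B), (ROUTES_WITH_B, P2_A[:1], P2_B),
             (ROUTES_WITH_B, P2_A, P2_B[:1]), (ROUTES_WITH_B, P2_A, P2_B)]
    for routes, a, b in cases:
        print(diagnose(CLIENT_IP, SITE_B_HOST, routes, a, b))
```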