OpenVPN Site-To-Site routing issues



  • Hi community,
    I have a small but big struggling issue on my pfSense setup.

    What I have done:
    I have two pfSense servers which are connected together via OpenVPN Site-To-Site with a shared key.

    I set up routing with the remote networks which should be routed through the VPN, but there is the issue.

    I can talk with the machines from the other site, but only when:
    - pfSense diagnostic tools / this machine talk with the remote machines: everything works
    - my computer/server behind it, in my local network, cannot, except if I set up manual routes on the computer to my remote network or machines

    I've set up firewall rules only, NAT is automatic etc.; if I use a peer-to-peer VPN, everything works.

    What can it be, that I have to set up manual routes?

    My networks are:

    • local site A 192.68.0.0/24 -> if I set it to 192.168.0.0/16, so that all will be routed, nothing works
    • local site B 192.68.255.0/24
    • tunnel, both sites: 10.0.0.0/8

    If you have other questions about my configuration, I will post it, but first I try to keep it short.

    For answers and assumptions I will be very thankful,

    Taegu


  • Netgate

    First off, using 10.0.0.0/8 as a tunnel network is not what you want to do. Change that to something like this on both sides:

    10.186.216.0/30

    192.168.0.0/16 covers both sides, so you can't use it as a remote network there. You want to set these remote networks:

    On site A: Remote Networks: 192.168.255.0/24

    On site B: Remote Networks: 192.168.0.0/24

    It is possible you are trying to supernet everything that is not a local interface but is in 192.168.0.0/16 from both sides, which should be doable, but I would simply get it working first. We are going to need to see full routing tables, firewall rules, etc. to see why a supernet isn't working.
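An added check (not part of the thread, and not pfSense's own code) that catches the two mistakes in the reply before touching a firewall: a remote network that overlaps a local subnet, and an oversized or mismatched tunnel network. It assumes the question's 192.68.x subnets are really 192.168.0.0/24 and 192.168.255.0/24, as the reply reads them; the `/30` rule is a heuristic for shared-key site-to-site links.

```python
from ipaddress import ip_network

def check_site(name, local, remote, tunnel):
    """Problems for one pfSense side; local/remote are lists of CIDR strings
    ('IPv4 Local/Remote network(s)'), tunnel is the 'IPv4 Tunnel Network'."""
    problems = []
    locals_ = [ip_network(n) for n in local]
    remotes = [ip_network(n) for n in remote]
    tun = ip_network(tunnel)
    # A remote net that covers a local subnet (the /16 case) routes LAN traffic into the tunnel.
    for r in remotes:
        for loc in locals_:
            if r.overlaps(loc):
                problems.append(f"{name}: remote {r} overlaps local {loc}")
    # Tunnel addresses must not collide with either LAN.
    for n in locals_ + remotes:
        if tun.overlaps(n):
            problems.append(f"{name}: tunnel {tun} overlaps {n}")
    # Heuristic: a shared-key link only needs a /30; a /8 is wasted space.
    if tun.prefixlen < 30:
        problems.append(f"{name}: tunnel {tun} is larger than a /30")
    return problems

def check_pair(site_a, site_b):
    """Same tunnel on both sides, and each side's remote nets must cover the other's locals."""
    problems = check_site("A", **site_a) + check_site("B", **site_b)
    if ip_network(site_a["tunnel"]) != ip_network(site_b["tunnel"]):
        problems.append("tunnel network differs between sites")
    for this, other, label in ((site_a, site_b, "A"), (site_b, site_a, "B")):
        remotes = [ip_network(n) for n in this["remote"]]
        for loc in other["local"]:
            if not any(ip_network(loc).subnet_of(r) for r in remotes):
                problems.append(f"{label}: remote networks do not cover {loc}")
    return problems

# Constructed samples: the layout from the question (local subnets assumed
# to be 192.168.0.0/24 and 192.168.255.0/24) and the one from the reply.
BROKEN = {
    "site_a": dict(local=["192.168.0.0/24"], remote=["192.168.0.0/16"], tunnel="10.0.0.0/8"),
    "site_b": dict(local=["192.168.255.0/24"], remote=["192.168.0.0/16"], tunnel="10.0.0.0/8"),
}
FIXED = {
    "site_a": dict(local=["192.168.0.0/24"], remote=["192.168.255.0/24"], tunnel="10.186.216.0/30"),
    "site_b": dict(local=["192.168.255.0/24"], remote=["192.168.0.0/24"], tunnel="10.186.216.0/30"),
}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_pair(cfg["site_a"], cfg["site_b"]) or "ok")
```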