Site To Site VPN connected but traffic not going beyond far side

Infraevo

Hi Everyone

So I have 2 pfsense systems setup and am trying to create a site-2-site network link with OpenVPN.

Site A - Server
IP network: 10.0.0.0/8
Transit Network: 172.16.0.1

Site B - Client
IP network: 192.168.1.0/24
Transit Network: 172.16.0.2

The 2 units are connected. When I do a ping test from site A it can ping anywhere into site B network. The reverse is also working. When I try to use a pc in site A and ping a pc in site B it fails and the reverse is also a failure. The pc in site A can ping 172.160.2 and the pc in site B can ping 172.16.0.1 . So the pc in each site gets to the firewall on the other side but not beyond it. I am probably missing one step but I am not sure where. Any help would be greatly appreciated.

Rene

A Former User

Hi @Infraevo
Here is the relevant section of the pfSense book for configuring site-to-site OpenVPN, you may want to go over it to check your configuration against.

https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-ssl-tls.html

Also, here is the OpenVPN troubleshooting guide.

https://www.netgate.com/docs/pfsense/book/openvpn/troubleshooting-openvpn.html

Hope this helps.

Thank you,

-James

Infraevo

Sorry forgot to mention using shared key

A Former User

Hi @Infraevo

Here is the section for PSK.

https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-shared-key.html

Thank you,

-James

marvosa

Post the server1.con from the server and client1.conf from the client.

Derelict

Why are you even trying to use 10.0.0.0/8? Are you anticipating 16 million hosts there?

When you say Transit network do you mean OpenVPN Tunnel Network?

How do the pings fail?

Infraevo

Hi Folks

I tore the entire system down and redid it from scratch from the actual manual. This time it worked . So not sure what I missed but all is good now. Thanks for your input.