OpenVPN Routing Issue



  • I have an issue with setting up and OpenVPN Site to Site SSL/TLS link between two sites.

    It all worked fine previously, but after deleting the tunnel and recreating it, the tunnel comes up but routing between the two sites IP addresses do not work.

    Site A (Server) Subnet = 192.168.60.0/24
    Site B (Client) Subnet = 192.168.69.0/24
    OpenVPN Tunnel Subnet = 10.0.9.0/24
    Site A Tunnel IP (Server) = 10.0.9.1
    Site B Tunnel IP (Client) = 10.0.9.2

    The only odd thing that I can see is the following in the routing table at each of the Server side and the Remote side:

    The server sides routing table has 10.0.9.0/24 via gateway 10.0.9.2 which is the remote sites Tunnel IP. The remote site has 10.0.9.0/24 via gateway 10.0.9.1 which is the servers sides IP. Surely I would expect each site to be the other way round? Access to the 10.0.9.0/24 Subnet from the OpenVPN server should be via its own tunnel IP 10.0.9.1 and the remote side should be via its own IP 10.0.9.2?

    Like I’ve said, the tunnel comes up fine but I cannot ping either site from each site and I cannot ping either sides OpenVPN Tunnel IP Address either from the Ping utility within PFSense or from command line when SSH’ing into both sites PFsense instance.

    Like I’ve said before, this was all working fine, but after deleting the setup to change the encryption levels to high settings, it now won’t work and I’m completely stuck. I’ve tried deleting all CA Certificates, Server Certificates, User Certificates, Client Overrides and starting over using default settings. I’ve tried a Peer to Peer Preshared Key setup with the same results... the tunnel comes up fine, but routing between the two sites and the VPN tunnel Subnet will not ping each other... I’ve tried everything and I’m stumped :(

    I also have another setup using a different version of PFSense as the server (2.3.2) connecting to remote client PFSense firewalls that are on a mixture of 2.4.x at the remote sites and it all works fine.

    I’m willing to pay someone hourly to help me via TeamViewer if there’s anyone out there that can help?



  • Why did you delete the whole Config only to change the encryption settings? You can just Edit all the settings...
    Do you have your Firewall Rules in place in the OpenVPN Tab? For testing just do some any any Rule.

    -Rico