Netgate Discussion Forum

    OpenVPN Client can not traverse site 2 site vpn

      gareigle

      We have a dual office setup with pfSense routers in both locations. We have a site 2 site vpn up and running okay. We also set up a remote OpenVPN client to one of the routers. We can connect remote clients just fine. We cannot, however, access anything on the other side of the site 2 site tunnel. Relatively new to pfSense and OpenVPN, any ideas on how to get this working would be appreciated.

        JKnott

        Assuming you have a relevant, possibly default, route through the tunnel to the server, it's just normal routing from there. Whether you use a specific or default route depends on your needs, that is whether or not you want all traffic to go through the tunnel or just some.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          gareigle @JKnott

          @jknott Simple routing, everything goes, here is what we have:
          VPN Server
          Name /Default/ Int / GW / Monitor
          WANGW /default /WAN /ip/ip/static
          S2SVPNV4/ /S2S/ 10.8.0.2 /10.8.0.2
          VPN_VPNV4/ /VPN/ 10.0.9.1 /10.0.9.1

          Remote
          Name /Default/ Int / GW / Monitor
          WANGW /default /WAN /ip/ip/static
          VPN_VPN4/ / VPN/ 10.8.0.1/ 10.8.0.1

            JKnott

            Well, you then configure the VPN so that it is the default route back to the server. After that, you have to configure the routing on the server to get beyond it. It's all basic routing and the fact it's on OpenVPN is irrelevant, other than making the necessary tunnel config to make it the default route when it's up. To do that, there are a pair of redirect gateway settings, for IPv4 and IPv6, on the Servers tab. Do you have that set?

              gareigle

              I've tried different fw rules, and the redirect options on the vpn and no changes.

                JKnott @gareigle

                @gareigle said in OpenVPN Client can not traverse site 2 site vpn:

                I've tried different fw rules, and the redirect options on the vpn and no changes.

                I don't think it's a rules issue. I'd say routing. Since this is site to site, the firewall has to route the traffic from its local network to the other end. Devices connected to the network should have a default route pointing to the pfSense router/firewall. Each pfSense router needs to know a route to the local network at the other end. Do you have that configured? Please note, I've only configured pfSense for a "road warrior" mode, where it runs on a computer to connect back to my home network, not site to site, so I can't advise based on my config.
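The routing requirement discussed in this thread, as an added example that is not part of any post and is not pfSense or OpenVPN code: a small route-table model that traces a remote-access client's packet to a host behind the far site and traces the reply back, showing where each direction is lost. The node names, the LAN subnets 192.168.1.0/24 and 192.168.2.0/24, the /24 mask on the 10.0.9.x tunnel and the client address 10.0.9.6 are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over {prefix: next_hop}; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Walk next hops from `start` toward `dst`; return (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop == "local":          # destination is directly attached here
            return path, True
        if hop is None:             # no matching route: dropped at this node
            return path, False
        path.append(hop)
        if hop not in tables:       # e.g. "wan": left the VPN, private dst is lost
            return path, False
        node = hop
    return path, False

def build(push_remote_lan, return_route):
    """Constructed route tables: client -> siteA (VPN server) -> siteB (remote)."""
    client = {"10.0.9.0/24": "local", "192.168.1.0/24": "siteA", "0.0.0.0/0": "wan"}
    site_a = {"192.168.1.0/24": "local", "10.0.9.0/24": "client",
              "192.168.2.0/24": "siteB", "0.0.0.0/0": "wan"}
    site_b = {"192.168.2.0/24": "local", "192.168.1.0/24": "siteA", "0.0.0.0/0": "wan"}
    if push_remote_lan:             # client learns the far LAN via the tunnel
        client["192.168.2.0/24"] = "siteA"
    if return_route:                # far site learns the remote-access tunnel net
        site_b["10.0.9.0/24"] = "siteA"
    return {"client": client, "siteA": site_a, "siteB": site_b}

def check(tables, client_ip="10.0.9.6", remote_host="192.168.2.10"):
    """Trace request and reply; both must be delivered for traffic to work."""
    fwd = trace(tables, "client", remote_host)
    rev = trace(tables, "siteB", client_ip)
    return {"forward": fwd, "reverse": rev, "ok": fwd[1] and rev[1]}

if __name__ == "__main__":
    for push, ret in [(False, False), (True, False), (True, True)]:
        print(f"push_remote_lan={push} return_route={ret} -> {check(build(push, ret))}")
```

In the middle case the request arrives but the reply follows the far site's default route out the WAN, which looks the same from the client as a blocked connection.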
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.