OpenVPN Client can not traverse site 2 site vpn
-
We have a dual office setup with pfsense routers in both locations. We have a site 2 site vpn up and running okay. We also setup a remote Openvpn client to one of the routers. We can connect remote clients just fine. We can not however access anything on the other side of the site 2 site tunnel. Relatively new to pfsense and openvpn, any ideas on how to get this working would be appreciated.
-
Assuming you have a relevant, possibly default, route through the tunnel to the server, it's just normal routing from there. Whether you use a specific or default route depends on your needs, that is whether or not you want all traffic to go through the tunnel or just some.
-
@jknott Simple routing, everything goes, here is what we have:
VPN Server
Name /Default/ Int / GW / Monitor
WANGW /default /WAN /ip/ip/static
S2SVPNV4/ /S2S/ 10.8.0.2 /10.8.0.2
VPN_VPNV4/ /VPN/ 10.0.9.1 /10.0.9.1Remote
Name /Default/ Int / GW / Monitor
WANGW /default /WAN /ip/ip/static
VPN_VPN4/ / VPN/ 10.8.0.1/ 10.8.0.1 -
Well, you then configure the VPN so that it is the default route back to the server. After that, you have to configure the routing on the server to get beyond it. It's all basic routing the the fact it's on OpenVPN is irrelevant, other that making the necessary tunnel config to make it the default route, when it's up. To do that, there are a pair of redirect gateway settings, for IPv4 and IPv6 on the Servers tab. Do you have that set?
-
I'v tried different fw rules, and the redirect options on the vpn and no changes.
-
@gareigle said in OpenVPN Client can not traverse site 2 site vpn:
I'v tried different fw rules, and the redirect options on the vpn and no changes.
I don't think it's a rules issue. I'd say routing. Since this is site to site, the firewall has to route the traffic from it's local network to the other end. Devices connected to the network should have a default route pointing to the pfSense router/firewall. Each pfSense router needs to know a route to the local network at the other end. Do you have that configured. Please note, I've only configured pfSense for a "road warrier" mode, where it runs on a computer to connect back to my home network, not site to site, so I can't advise based on my config.
