Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    openVPN site to site - client cannot reach server side network ( can reach server )

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 2 Posters 624 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • olakaraO
      olakara
      last edited by olakara

      Hi,

      I have pfsense (2.4.4-p2) installed at two sites.
      On one of them is at the main office and I created to openvpn server ( 10.11.2.2/16 ).
      The second one is locate in branch office and setup as openvpn client (192.168.169.1/24).
      tunnel ip 192.168.188.0/24
      both side pfsense is the gateway for user machines ( firewall disabled )

      from server side network i can reach client side pfsense and network pc eg: 192.168.169.10
      but from client side i can ping only pfsense server ( 10.11.2.2 ) not any other devices under 10.11.0.0/16
      both pfsense firewall openvpn settings are any to any ...

      a traceroute from client network reach as follows:
      Tracing route to 10.11.222.141 over a maximum of 30

      1 <1 ms <1 ms <1 ms 192.168.169.1
      2 41 ms 46 ms 41 ms 192.168.188.1
      3 * * * Request timed out.
      4 * * * Request timed out.
      5 * * * Request timed out.

      means it reach the tunnel ip at server side then drops....any thoughts highly appreciated ...

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Show screenshots of your server and client side OpenVPN settings and firewall rules.

        -Rico

        1 Reply Last reply Reply Quote 0
        • olakaraO
          olakara
          last edited by

          Thank you for the reply, Please find screenshots as follows:

          server:

          0_1549795053044_srvr-vpn1.png
          0_1549795063070_srvr-vpn2.png 0_1549795072537_srvr-fw1.png
          0_1549795078395_srvr-fw2.png

          Client:

          0_1549795084225_client-vpn1.png
          0_1549795100931_client-vpn2.png
          0_1549795111272_client-fw1.png

          1 Reply Last reply Reply Quote 0
          • RicoR
            Rico LAYER 8 Rebel Alliance
            last edited by

            Why is your Client side remote network set to 10.0.0.0/8 and not 10.11.0.0/16 ?

            -Rico

            1 Reply Last reply Reply Quote 0
            • olakaraO
              olakara
              last edited by

              first it was10.11.0.0/16, I was trying any luck with /8 subnet :)

              1 Reply Last reply Reply Quote 0
              • RicoR
                Rico LAYER 8 Rebel Alliance
                last edited by

                Well with Remote Networks not matching properly I would expect it not working, so put your main office network 10.11.0.0/16 there.
                Can you ping main office network clients from the remote side pfSense directly?

                -Rico

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.