strange openvpn ipsec routing problem
-
I have 2 pfsense boxes connected via ipsec. I want to enable openvpn in both of them, with the clients having the ability to connect to the remote ipsec network, so I did the following setup:
pfsense 1
Lan network 10.10.10.0/24
LanIP 10.10.10.1
OVPN Network 10.10.30.0/27
OVPN server 10.10.30.1
IPsec p2 entries
LAN <-> 10.10.20.0/24 (lan to remote lan)
10.10.30.0/27 <-> 10.10.20.0/24 (ovpn to remote lan)
LAN <-> 10.10.30.32/27 (remoteovpn to lan)
Firewall
ovpn rule
any to any
Ipsec rules
10.10.20.0/24
10.10.30.0/24 (ovpn local and remote)

pfsense 2
Lan network 10.10.20.0/24
LanIP 10.10.20.1
OVPN Network 10.10.30.32/27
OVPN server 10.10.30.33
IPsec p2 entries
LAN <-> 10.10.10.0/24 (lan to remote lan)
10.10.30.32/27 <-> 10.10.10.0/24 (ovpn to remote lan)
LAN <-> 10.10.30.0/27 (remoteovpn to lan)
Firewall
ovpn rule
any to any
Ipsec rules
10.10.10.0/24
10.10.30.0/24 (ovpn local and remote)

When I connect to the openvpn network in pfsense box 1 (10.10.30.2) I can ping any host in the box 2 network (10.10.20.0/24), so far so good.
But when I connect to the openvpn network in pfsense box 2 (10.10.30.34) I can't ping any host in the box 1 network (10.10.10.0/24).
When I look at the states in box 2, it seems pfsense is not routing the traffic coming from the openvpn server correctly:

Interface Protocol Source State Packets Bytes
ovpns1 icmp 10.10.30.34:1 -> 10.10.10.5:1 0:0 4 / 0 240 B / 0 B
WAN icmp xxx.xxx.xxx.xxx:9289 (192.168.10.34:1) -> 10.10.10.5:9289 0:0 4 / 0 240 B / 0 B

Any ideas?