site to site cannot ping between LAN clients

  • I've set up an OpenVPN site-to-site between my home and my parents' home following this guide:

    The subnet in both sites is
    The LAN interface at my parents' home (Site A) is and at my home (Site B) is
    DHCP is enabled in both sites, range is - in Site A and - in Site B, as in the guide is blocked by the firewall so it will not cross the bridge.

    I can ping between and and nothing else: pfSense at Site A cannot ping Site B LAN clients and pfSense at Site B cannot ping clients in Site A LAN.
    After some tries I've noticed that after trying to ping from "Client A" ( at Site A, to "Client B" ( at Site B, an entry for Client A was registered in the pfSense ARP table at Site B:
    so there is some traffic passing the tunnel but

    Here is the server configuration at Site A

    The config of the client at Site B
    Firewall rules at Site A

    Site B firewall

    I'm quite new to this type of config with OpenVPN; I've only used a road warrior setup for my phone and nothing else.

    Seems to me like the bridge between the LAN and the VPN interface is not properly set up, but I can't see anything wrong here:
    Site A
    Site B

  • Hello,

    It will work if you disable the firewall or allow ping requests from other subnets in the firewall on the client machines.

  • I'm using two Win10 clients for testing, aside from the pfSense boxes. I've already enabled the rules on both Windows firewalls and pings work in each site. Am I missing something in the pfSense configs? Why should I enable ping from other subnets? The purpose of this is to make all clients appear as if they are in the same LAN.

  • I'd recommend you change one side's subnet and run OpenVPN in the default and recommended tun mode.

