OpenVPN site to Site & Server



  • I have a pretty simple problem, but I can't seem to be able to figure it out.

    Below is my setup

    Site A (head office): I am running an OpenVPN server
    Site B (warehouse) connects to Site A

    This works perfectly, and I can access computers on both sides from both sides.

    Then I set up another OpenVPN client (Private Internet Access) on both Site A & Site B.
    *Our ERP software is hosted in the US, we are in the UAE, and going through a VPN makes things load a LOT faster.
    So I set up rules to route traffic to that specific site through PIA.

    Now Site B works perfectly, I can access Site A and our ERP traffic is routed just fine as well.

    Site A, however, cannot access computers on Site B.

    And I cannot figure out why. If Site B can reach Site A, why can't Site A reach Site B?



  • So an update to this situation.
    I am able to ping computers on Site B from Site A when logged into the pfSense terminal.
    So pfSense has access to Site B.

    Now I'm 100% sure it's some firewall rule which is not allowing computers from Site A to reach Site B.
    Please help :)

    Below is how my LAN rules are set right now.



  • LAYER 8 Rebel Alliance

    Show Site B OpenVPN Firewall Rules tab.

    -Rico



  • Hello,

    Below are the LAN rules from Site B.
    Thank you :)



  • LAYER 8 Rebel Alliance

    Site B OpenVPN and assigned OpenVPN Interface Tab?

    -Rico



  • More development,
    I set PuTTY as a SOCKS proxy and SSH into pfSense on Site A (using a computer in Site A),
    and now I am able to connect to all computers on Site B as well as pfSense on Site B.

    That's how I'm taking these screenshots atm.

    Also, below are the screenshots you asked for :)

    Site B OpenVPN

    I don't get the assigned OpenVPN Interface Tab part.

    Maybe this? This is Site B btw.


  • LAYER 8 Rebel Alliance

    I see the OpenVPN Interfaces is your PIA stuff.
    So I've just read through your problem again, you had your Site-to-Site connection A/B fully working and the problem with A can't access B started with adding PIA as OpenVPN Client, right?
    Generally speaking for most scenarios with VPN providers you want to enable the Don't pull routes option in your OpenVPN client.
    Also check out https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html - very great hangout! Maybe you can grab some useful tips & tricks for your PIA.
    Troublesome could be your any-any Firewall Rule in the OpenVPN Tab. You allow any traffic PIA is sending in your direction there!

    -Rico

