OpenVPN site2site not working



  • I'm trying to set up a site2site OpenVPN with pfSense as client and a remote VPS as server (not a pfSense, just the openvpn package from the Linux repository). The pfSense LAN subnet is 192.168.1.0/24 while the VPS LAN subnet is 192.168.2.0/24; I want to be able to reach one subnet from the other and vice versa. I already successfully connected pfSense to the OpenVPN server, but I can't ping anything from the client except the pfSense VPN interface; the firewall is disabled and the routing table should be ok.

    /etc/openvpn/server.conf:

    local X.X.X.X
    port 1194
    proto tcp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key  
    dh dh2048.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.2.0 255.255.255.0"
    client-config-dir ccd
    route 192.168.1.0 255.255.255.0
    client-to-client
    keepalive 10 120
    tls-auth ta.key 0
    cipher AES-256-CBC
    auth SHA256
    max-clients 2
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log-append  /var/log/openvpn.log
    verb 3
    

    /etc/openvpn/ccd/client1:

    ifconfig-push 10.8.0.2 255.255.255.0
    iroute 192.168.1.0 255.255.255.0
    

    pfSense (client) routing table:

    [screenshot not reproduced]

    VPS (server) routing table:

    [screenshot not reproduced]

    Trying to ping VPN server interface on 10.8.0.1:

    [screenshot not reproduced]

    Of course pinging 192.168.2.1 (LAN interface of the OpenVPN server) doesn't work.



  • @Cricco95 said in OpenVPN site2site not working:

    the firewall is disabled

    The firewall on the VPS as well?



  • @viragomann said in OpenVPN site2site not working:

    @Cricco95 said in OpenVPN site2site not working:

    the firewall is disabled

    The firewall on the VPS as well?

    Yes, the VPS runs CentOS and firewalld is disabled.



  • Why do you use a /24 net for a site-2-site? A /30 will be the better choice here.

    @Cricco95 said in OpenVPN site2site not working:

    Trying to ping VPN server interface on 10.8.0.1:

    You did the ping from the WAN IP. I don't know what your WAN is, but you may be missing the route.

    What if you do a ping from LAN?
    If it works, try a ping from LAN to the remote LAN IP of the server.
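As an added check (example code written for this thread, not from the posters or from the OpenVPN project), the following Python parses the routing-relevant lines of the posted server.conf and ccd/client1, verifies that every client iroute has a matching server route and that the pushed client address sits inside the server pool, and applies viragomann's point by testing whether the server has a tunnel route back to the address a ping was sent from. The config excerpts are constructed from the thread and the WAN address 203.0.113.5 is a constructed placeholder.

```python
import ipaddress

# Constructed excerpts of the two files posted in the thread (routing-relevant lines only).
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
"""
CCD_CLIENT1 = """\
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.1.0 255.255.255.0
"""

def parse_directives(text):
    """Split an OpenVPN config into (directive, args) pairs; drops comments and quotes."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].replace('"', "").strip()
        if line:
            parts = line.split()
            out.append((parts[0], parts[1:]))
    return out

def to_net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_site2site(server_conf, ccd):
    """Return findings; an empty list means route/iroute/ifconfig-push agree."""
    srv = parse_directives(server_conf)
    cli = parse_directives(ccd)
    findings = []
    # 'route' installs a kernel route toward the tun device on the server ...
    kernel_routes = {to_net(a[0], a[1]) for d, a in srv if d == "route"}
    # ... and 'iroute' tells the OpenVPN process which client owns that subnet.
    iroutes = {to_net(a[0], a[1]) for d, a in cli if d == "iroute"}
    findings += [f"iroute {n} has no matching 'route' in server.conf" for n in sorted(iroutes - kernel_routes)]
    findings += [f"route {n} is not claimed by any client iroute" for n in sorted(kernel_routes - iroutes)]
    pool = next(to_net(a[0], a[1]) for d, a in srv if d == "server")
    for d, a in cli:
        if d == "ifconfig-push" and ipaddress.ip_address(a[0]) not in pool:
            findings.append(f"ifconfig-push {a[0]} lies outside the server pool {pool}")
    return findings

def server_has_tunnel_route_back(server_conf, src_ip):
    """True if the server routes src_ip over the tunnel, so replies to a ping from it can return."""
    srv = parse_directives(server_conf)
    nets = [to_net(a[0], a[1]) for d, a in srv if d in ("route", "server")]
    return any(ipaddress.ip_address(src_ip) in n for n in nets)
```

The posted config passes the consistency check; a ping sourced from the pfSense WAN address fails the return-route test, while one sourced from 192.168.1.x or 10.8.0.2 passes.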

