OpenVPN site2site not working
-
I'm trying to set up a site2site OpenVPN with pfSense as client and a remote VPS as server (not a pfSense, just the openvpn package from the Linux repository). The pfSense LAN subnet is 192.168.1.0/24 while the VPS LAN subnet is 192.168.2.0/24; I want to be able to reach one subnet from the other and vice versa. I already successfully connected pfSense to the OpenVPN server, but I can't ping anything from the client except the pfSense VPN interface; the firewall is disabled and the routing table should be ok.
/etc/openvpn/server.conf:
local X.X.X.X
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
client-config-dir ccd
route 192.168.1.0 255.255.255.0
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
max-clients 2
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
/etc/openvpn/ccd/client1:
ifconfig-push 10.8.0.2 255.255.255.0
iroute 192.168.1.0 255.255.255.0
pfSense (client) routing table:
VPS (server) routing table:
Trying to ping VPN server interface on 10.8.0.1:
Of course pinging 192.168.2.1 (LAN interface of the OpenVPN server) doesn't work.
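For a site-to-site tunnel the two files posted above have to agree with each other: the server needs a kernel `route` for the client's LAN (so the OS sends 192.168.1.0/24 into the tun interface) and the client's ccd entry needs a matching `iroute` (so OpenVPN knows which connected client owns that subnet), and the `push "route ..."` line must not hand the client its own LAN or the VPN subnet. The checker below is an added example, not code from this thread or from the OpenVPN project; it parses the post's server.conf and ccd/client1 (embedded as sample input, copied from the post) and reports the usual mismatches. The function names and the finding messages are my own.

```python
"""Consistency checks for an OpenVPN site-to-site server.conf and its
client-config-dir (ccd) entries.  Added example for this thread; the config
text is the poster's, the checker is not."""
import ipaddress
import shlex

# Sample input: server.conf exactly as posted in the thread.
SERVER_CONF = """\
local X.X.X.X
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
client-config-dir ccd
route 192.168.1.0 255.255.255.0
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
max-clients 2
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
"""

# Sample input: ccd/client1 exactly as posted (file name -> file contents).
CCD_FILES = {
    "client1": "ifconfig-push 10.8.0.2 255.255.255.0\niroute 192.168.1.0 255.255.255.0\n",
}


def parse_directives(text):
    """Return [(directive, [args]), ...]; '#'/';' comment lines and blanks are skipped."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)  # keeps push "route a b" as one quoted argument
        out.append((parts[0], parts[1:]))
    return out


def to_network(addr, mask="255.255.255.255"):
    """Build a network from OpenVPN's 'address netmask' pair (host route if no mask)."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_site_to_site(server_conf, ccd_files):
    """Return a list of findings; an empty list means route/iroute/push are consistent."""
    findings = []
    vpn_net, kernel_routes, pushed_routes = None, [], []
    for d, args in parse_directives(server_conf):
        if d == "server" and len(args) >= 2:
            vpn_net = to_network(args[0], args[1])
        elif d == "route" and args:
            kernel_routes.append(to_network(*args[:2]))
        elif d == "push" and args and args[0].split()[:1] == ["route"]:
            pushed_routes.append(to_network(*args[0].split()[1:3]))
    if vpn_net is None:
        return ["no 'server' directive: cannot check the VPN pool"]

    iroutes = {}  # ccd file name -> networks that client announces
    for name, text in ccd_files.items():
        iroutes[name] = []
        for d, args in parse_directives(text):
            if d == "ifconfig-push" and args:
                addr = ipaddress.ip_address(args[0])
                if addr not in vpn_net:
                    findings.append(f"{name}: ifconfig-push {addr} is outside VPN pool {vpn_net}")
            elif d == "iroute" and args:
                iroutes[name].append(to_network(*args[:2]))

    # Every kernel route into the tunnel needs a client that claims it, and vice versa.
    claimed = {n for nets in iroutes.values() for n in nets}
    for r in kernel_routes:
        if r not in claimed:
            findings.append(f"route {r} has no matching iroute in any ccd file")
    for name, nets in iroutes.items():
        for n in nets:
            if n not in kernel_routes:
                findings.append(f"{name}: iroute {n} has no matching 'route' in server.conf")
            if any(n.overlaps(p) for p in pushed_routes):
                findings.append(f"{name}: a pushed route overlaps this client's own iroute {n}")
    for p in pushed_routes:
        if p.overlaps(vpn_net):
            findings.append(f"pushed route {p} overlaps the VPN subnet {vpn_net}")
    return findings


if __name__ == "__main__":
    for f in check_site_to_site(SERVER_CONF, CCD_FILES) or ["config is consistent"]:
        print(f)
```

Run against the posted files it reports nothing, which is consistent with the replies below looking at the routing table and at where the ping originates rather than at the OpenVPN directives; drop the `iroute` line from the ccd entry and it flags the unmatched `route`, which is the most common way a site-to-site tunnel comes up but passes no LAN traffic.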
-
@Cricco95 said in OpenVPN site2site not working:
the firewall is disabled
The firewall on the VPS as well?
-
@viragomann said in OpenVPN site2site not working:
@Cricco95 said in OpenVPN site2site not working:
the firewall is disabled
The firewall on the VPS as well?
Yes, the VPS is a CentOS and firewalld is disabled.
-
Why do you use a /24 net for a site-2-site? A /30 will be the better choice here.
@Cricco95 said in OpenVPN site2site not working:
Trying to ping VPN server interface on 10.8.0.1:
You did the ping from WAN IP. Don't know what your WAN is, but you may miss the route.
What if you do a ping from LAN?
If it works, try a ping from LAN to the remote LAN IP of the server.