4. OpenVPN site-to-site tunnel connected but can't access local network

OpenVPN site-to-site tunnel connected but can't access local network

  • L

    Hi everyone,

    I have a pfSense (2.4.4) OPENVPN site-to-site (shared key) setup. The VPN tunnel is up and from each of the pfSense boxes I can ping the remote subnets. When I want to ping or access the remote subnet from a client-PC I get a timeout.

    • Tunnel IP is 10.0.9.0/24 (I also tried 30) on server and client side

    • Serverside subnet is 192.168.250.0/24

    • Clientside subnet is 172.16.0.0/21

    • Remote subnets are configured in OPENVPN configuration

    • OPENVPN firewall rules any-any are configured on both sides

    • OPENVPN Gateway on clientside is created en firewallrules any-any are set

    • Remote subnets are visible in routing tables

    • Local windows firewalls are disabled

    I tried using a outbound NAT rule -> No succes
    I tried adding static routes -> No succes

    Anybody got ideas on what I'm doing wrong?

    Thx!

    0
  • Y

    Your settings seem okay to me. I just started using OpenVPN though. I'm assuming you went through these links:
    https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-shared-key.html
    https://docs.netgate.com/pfsense/en/latest/book/openvpn/troubleshooting-openvpn.html

    Have you tried using Packet Captures on each side to look for ICMP traffic? You might need to post some sanitized configs for more help.

    0
  • L

    Hi Guys,

    I figured something out. There is also a IPSec tunnel on our pfSense for other purposes. When I stop the IPSec service traffic is passing fine in the OPENVPN connection.
    Any idea how I can use a combination (IPSec must stay but in combination with some extra OPENVPN tunnels)?
    I also tried extra IPSec tunnels but same problem (IPSec tunnel Phase 1 & 2 are Up but no LAN traffic possible between my subnets).

    0
  • LAYER 8 Moderator

    OpenVPN and IPSec have no problem whatsoever in co-existing and having tunnels defined. If stopping IPSEC makes your OVPN tunnel work, you have it wrong. Most commonly you are probably using the same subnets on OVPN as in IPSEC or try to route a network that is already defined in IPSEC. Without your config, that's all we can guess.

    0
    L
     1 Reply
  • L

    This post is deleted!
    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy