Netgate Discussion Forum
    [SOLVED] OpenVPN bridging Site-To-Site Interface with Client-Server Interface

      neuroblaster
      last edited by neuroblaster

      Not sure if this is possible, but maybe it's as simple as pushing routes to the right place. I've been pulling my hair out over this.

      I have a site-to-site VPN established between my main office and my home lab. The home lab has VMs and other devices that can be accessed from the main office and vice versa. I also have another OpenVPN instance running on the main office pfSense for normal client-server VPN connections. The goal is to get the client-server connections to be able to communicate with my home network devices.

      <home vlan>---<pfsense home>--vtun0--<pfSense MAIN>--vtun1--<client laptop(s)>

      I've run Wireshark on clients and did find something interesting; I'm just unsure what to do next. I ping the home VLAN VM from a client laptop and get no response, not even a destination unreachable. With Wireshark running on the home VM, I do see the ICMP request and reply, although the reply is not arriving back at the client laptop. It's getting lost(?) somewhere along the way.

      Based on this, my thought is the home VM doesn't know where to route the vtun1 packets. Any ideas? General things I've tried:

      • I've pushed routes and manually added routes on the clients without luck. Possibly not in the right places, though.
      • Firewalls are basically disabled right now.
      • I have not added any custom port forwarding/NAT rules

      I'd be glad to send configs, routes, screen shots, etc in order to get this worked out. It's driving me crazy.


      Edit: SOLVED

      As mentioned above, LAN traffic wasn't being routed properly. The LAN ping replies were leaving out of the WAN and not the tunnel (vtun0). Since there is no little check box to "Redirect IPv4 Gateway" on the site-to-site server configuration, not all LAN traffic was being sent through the tunnel.

      The fix was found in a previous post. To fix, log in to your site-to-site client pfSense instance, then:

      VPN >> OpenVPN >> Clients >> Edit client s2s interface >> set Remote Networks to: 0.0.0.0/1,128.0.0.0/1

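Why the fix works comes down to longest-prefix matching: a route for 0.0.0.0/1 or 128.0.0.0/1 is one bit more specific than the 0.0.0.0/0 default route, so once both are installed via the tunnel interface every non-local destination, including the client laptops' vtun1 addresses, prefers the tunnel over the WAN. This is the same pair of routes OpenVPN's "redirect-gateway def1" installs. The following Python example is added here and is not code from the post or from pfSense; it simulates the home pfSense's routing table (assumed to be the site-to-site client, as the fix implies) with constructed, assumed addresses and interface names, and also tries a narrower alternative that the post does not mention: adding only the client-server tunnel network as a Remote Network.

```python
import ipaddress


def lookup(routes, dst):
    """Longest-prefix match: return the interface whose prefix most
    specifically covers dst, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


# Constructed routing table of the home pfSense (the site-to-site client)
# before the fix. Every address and interface name here is an assumption.
HOME_ROUTES_BEFORE = [
    ("0.0.0.0/0", "wan"),          # default route to the ISP
    ("192.168.10.0/24", "lan"),    # home VLAN with the VMs
    ("10.8.0.0/24", "vtun0"),      # site-to-site tunnel network
    ("192.168.1.0/24", "vtun0"),   # main office LAN, learned as a Remote Network
]

# After the post's fix: Remote Networks = 0.0.0.0/1,128.0.0.0/1.
# Together the two /1s cover all of IPv4, and each is more specific than /0.
HOME_ROUTES_AFTER = HOME_ROUTES_BEFORE + [
    ("0.0.0.0/1", "vtun0"),
    ("128.0.0.0/1", "vtun0"),
]

# Narrower alternative (assumed, not from the post): add only the
# client-server tunnel network of vtun1 as a Remote Network.
CLIENT_TUNNEL_NET = "10.9.0.0/24"
HOME_ROUTES_NARROW = HOME_ROUTES_BEFORE + [(CLIENT_TUNNEL_NET, "vtun0")]

CLIENT_LAPTOP = "10.9.0.6"       # assumed address of a laptop on vtun1
INTERNET_HOST = "203.0.113.10"   # documentation-range address standing in for the Internet


def reply_interface(routes, dst=CLIENT_LAPTOP):
    """Interface the home pfSense would use for an ICMP echo reply to dst."""
    return lookup(routes, dst)


if __name__ == "__main__":
    for name, table in [("before", HOME_ROUTES_BEFORE),
                        ("after", HOME_ROUTES_AFTER),
                        ("narrow", HOME_ROUTES_NARROW)]:
        print(f"{name:6}: reply to laptop via {reply_interface(table)}, "
              f"internet via {lookup(table, INTERNET_HOST)}")
```

Before the fix the reply to the laptop matches only the default route and leaves via the WAN, which is the symptom the post describes; after the fix it matches 0.0.0.0/1 and goes into vtun0. The simulation also shows the cost of the /1 trick: Internet-bound traffic from the home site now goes through the tunnel too, so the main office pfSense has to route or NAT it. Adding just the client-server tunnel network as a Remote Network (the narrow table, assumed here) gets the reply into the tunnel without redirecting everything else. On pfSense, Diagnostics > Routes (or `netstat -rn` from a shell) shows which interface each of these prefixes actually points at.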
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.