openvpn Roadwarrior access to both lan in site to site



  • Hi guys,

    I know, I know, I read a lot of threads about this question but I didn't find my answer, or I might not understand something.

    Site A (server)
    pfsense 2.4.4 p1
    local network : 192.168.20.0/24

    Site B (Client)
    pfsense 2.4.4 p1
    local network : 192.168.10.0/24

    openvpn Tunnel : 10.0.8.0/24

    This is working great, no problem there. Every machine can access any remote network machine, no matter which side.

    Roadwarrior connects on Site A (tunnel 10.0.20.0/24), no problem. It sees every machine on the local network but nothing on Site B.

    On the server side in OpenVPN, I put 192.168.20.0/24,10.0.20.0/24 in local network.
    On the client side, I put 192.168.20.0/24,10.0.20.0/24 in remote network.

    Server side firewall rules:
    WAN: IPv4 UDP all open on the site-to-site port, and another rule with the same settings on the roadwarrior port.
    LAN: IPv4, LAN net, any destination, any port, any gateway
    OpenVPN: IPv4 all open

    Client side firewall rules:
    WAN: IPv4 UDP all open on the site-to-site port
    LAN: IPv4, LAN net, any destination, any port, any gateway
    OpenVPN: IPv4 all open

    I can't pinpoint what could go wrong. Site-to-site has worked flawlessly for years, and the roadwarrior works flawlessly on the local network.

    If you can help me with this, I would really appreciate it!

    Thanks in advance ;)



  • In order for your roadwarrior clients to access resources @ site B, two things need to happen:

    1. Site A's road warrior clients need to know that site B's LAN subnet should be routed down the tunnel
    2. Site B needs to know where to send the return traffic for site A's road warrior clients

    Based on the above, the following adjustments should be made to the configs:

    Site A:

    1. Road Warrior config should have "192.168.20.0/24, 192.168.10.0/24" on the IPv4 Local network(s) line. (Remove 10.0.20.0/24).

    Site B:

    1. Re-verify the site-to-site config has "192.168.20.0/24, 10.0.20.0/24" on the IPv4 Remote network(s) line

    Once the site-to-site tunnel is re-established and the clients re-connect, you should be good to go.
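    As an added illustration (not from the reply above), this is what those two GUI fields become in the OpenVPN config pfSense generates, limited to the route-related directives; the masks, the client-side `server`/tunnel lines and the assumption that the site-to-site side turns its remote networks into plain `route` lines are mine:

    ```conf
    # Site A, road warrior server
    # IPv4 Local network(s) = 192.168.20.0/24, 192.168.10.0/24
    # Each entry becomes a route pushed to every connecting client, so the client
    # sends 192.168.10.0/24 traffic into its 10.0.20.0/24 tunnel rather than to
    # its default gateway. The tunnel net itself comes from the server directive,
    # which is why 10.0.20.0/24 must not be listed here.
    server 10.0.20.0 255.255.255.0
    push "route 192.168.20.0 255.255.255.0"
    push "route 192.168.10.0 255.255.255.0"

    # Site B, site-to-site client (assumed: remote networks become route lines)
    # IPv4 Remote network(s) = 192.168.20.0/24, 10.0.20.0/24
    # Each entry becomes a kernel route via the 10.0.8.0/24 tunnel. The second one
    # is what lets Site B send replies for road warrior addresses back through the
    # tunnel instead of out its WAN, where they would be dropped or go nowhere.
    route 192.168.20.0 255.255.255.0
    route 10.0.20.0 255.255.255.0
    ```

    After reconnecting, a road warrior's routing table (`route print` on Windows, `ip route` on Linux) should show 192.168.10.0/24 via the 10.0.20.x gateway; if it does not, the pushed route is missing and the client never even tries the tunnel for Site B.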