OpenVPN (Site-to-Site) unable to ping/access from SiteA(Server) to SiteB(Client) LAN from Local Machine
- 
 Yeah that would be one solution... with 10.x.x.x and 172.16-31.x.x, or just set the network size, ie masks so they don't overlap.. Say 10.10.1/24 on one site and 10.20.1/24 on the other... How many devices/clients do you have in each site? Your network size should be appropriate... If you have 200 devices you don't need a /8 or /12 mask for example ;) A /23 would give you 510 addresses to work with - so plenty of room for growth, etc. if you currently have 200 for example.. 10.10.0/23 = 10.10.0.1 to 10.10.1.254 10.10.2/23 = 10.10.2.1 to 10.10.3.254 etc. etc.. A /24 is very common since its very easy for human to see the network, first 3 octets... So 10.10.1.0/24 means that the 10.10.1 is the network, and that last octet 10.10.1.X is the HOST address so you have .1 to .254 to work with.. Your current networks are HUGE, over 16 million addresses in the /8 and over 1 million in the /12 - and the whole /12 is inside the /8... 
- 
 Thanks @johnpoz tomorrow morning I'll try with these IP's. 
- 
 How many devices do you have at each site, is it a handful then /24... If its 200+ then you might think of /23 if you think in the next few years you might grow to be larger then what a /24 can handle, ie 254 
- 
 @johnpoz for now it's around 150 machines, which is expected to grow in future... 
- 
 well /24 gives you 254 Ips to work with... So that quite a bit of growth ;) 
- 
 @johnpoz well yeah.. 
- 
 @johnpoz thanks man it worked. 
 I was curious to know which all mask are overlapping, So I tested with some of the mask's, which are :- 
SiteA - 10.10.1.X/8 
 SiteB - 10.20.1.X/8 , testing didn't work out.
- 
SiteA - 10.10.1.X/8 
 SiteB - 10.20.1.X/12 , testing didn't work out. It worked in only one direction
- 
SiteA - 10.10.1.X/12 
 SiteB - 10.20.1.X/12 , testing worked. Both bi-direction ping/access is happening.
- 
SiteA - 10.10.1.X/12 
 SiteB - 10.20.1.X/14 , testing worked. Both bi-direction ping/access is happening.
 Now if you don't mind can you please brief/explain why testing 1 and 2 failed, and also how to know if IP's are overlapping!!!! 
- 
- 
 http://jodies.de/ipcalc  -Rico 
- 
 @Rico thank you  
- 
 @PrashantRai said in OpenVPN (Site-to-Site) unable to ping/access from SiteA(Server) to SiteB(Client) LAN from Local Machine: Now if you don't mind can you please brief/explain why testing 1 and 2 failed, and also how to know if IP's are overlapping!!!! In both, you actually have 10.0.0.0 /8. The other address in both examples is within that range. The /8 indicates 8 of the 32 bits are used for the network portion of the address and the other bits are for the device address. So, start with any address you wish and count the bits from the left. All the bits to that point are the network address and the rest are irrelevant. So, write out those network addresses first with all 0 to the right and again with all 1. This will show you the range of addresses that network would have. 
- 
 @JKnott thank you  
- 
 @PrashantRai said in OpenVPN (Site-to-Site) unable to ping/access from SiteA(Server) to SiteB(Client) LAN from Local Machine: also how to know if IP's are overlapping!!!! You don't understand network masks, ie subnetting - but your setting up the firewall and site to site vpn? How is this? So you rust randomly picking a mask? Where did you come up with the /12? I can understand the /8 somewhat since this is whole network for 10.. I would highly suggest you do a bit of research. 
 https://www.ittsystems.com/introduction-to-subnetting/Came up on google like first hit, looks basic enough to get you started. 


