Can't seem to access IPSEC tunnel to edgerouterX via openVPN
lowlytech last edited by
Hello all, I have recently been introduced to pfsense and I am really liking the system. Before this I was using edgerouters pretty much by default, but now I leaning toward pfsense.
So my current issue I am trying to work through is as follows..
I replaced an edgerouter at an office I work for this last weekend with a pfsense box with the idea to push all their remote activity through OpenVPN. They have a sister office in a neighboring town that still has an edgerouterX with about 6 clients. Before, both edgerouters were linked with IPSec VPN. Well got the pfsense to link back up to the remote edgerouter and pings work great via both directions when your physically in the network, however when I remote in via the OpenVPN client I can ping everything in the main office great, but when I try to send data through that IPSec tunnel to the sister office I get time outs or TTL expired in transit which looks like a route issue as when I did a tracert i can see the packet going back and forth between two routers that are their ISP's til it drops it. I did some googling and found that I need to add an entry of push "Route x.x.x.x" which I tried, but I am not grasping what phase 2 setups that are required. In the sister location I put the openvpn range there, but that may be my issue.
Main network 172.16.1.0/24 (where pfsense is installed)
Sister network 172.16.2.0/24 (IPSec vpn tunnel)
openvpn client 10.0.0.0/24
I put the 10.0.0.0/24 range in a 2nd proposal on the edgerouter 172.16.2.0 side, but I may not have done this right.
Assuming I need the push "route x.x.x.x" entry in the OpenVPN config would this just simply be push "route 172.16.2.0 255.255.255.0"
This is only my 2nd pfsense install so I am still learning. Happy to send any config or logs over. I really appreciate any input on this. I think all the other issues I have gotten through, it is just this one Openvpn to sister site connection issue that I can't seem to get working.
Thanks again for the help.