Routing traffic over pfSense OpenVPN
-
Update: I managed to fix it, I can now ping remote subnet from locally attached PC, now I just have to find out why... I didn't really do any big changes before it suddenly worked.
I have pfSense OpenVPN (client in pfsense fw) a to pfSense VPN (also pfsense, but server) b. Only really need one way init of the connection, similar to roadwarrior-setup.
VPN-setup went well. I have 17.16.16.2 client and 17.16.6.1 server-side. I can ping the remote endpoints from each side and I can even ping the hosts on the server /24 subnet on the server-side like I specified on the Server - this is from pfSense itself on the opt1/opt2 ports (virtual ports, as they are not connected physically). If I choose the wan/lan interface (where I actually have the only connection), I get no reply.
I do only have one WAN-interface/ethernet connection because the a client pfsense is only a node on the network to provide vpn to the network and is not default gw for these. Have the pfsense fw in bridge-mode on client side, but I think this is overkill now..
I have open fw on all interfaces (even allow all type of traffic on floating), activated opt1/opt2 (vpn-interface w/o cable connected).
I do see this in fw log (192.168.0.1 is ISPs broadband router)
WAN icmp 192.168.0.11:1 -> 192.168.2.100:1 0:0 4 / 0 240 B / 0 B
I usually do this on client computers (that last IP is my pfsense unit that responds to ping on WAN-interface):
route add 192.168.2.0/24 192.168.0.21
I can ping 17.16.16.2 / 17.16.16.1 - so vpn tunnel from both sides are up - even from my local computer attached to pfsense network client A.
I assume this is only a routing/fw issue - or is there some secret checkbox I also need? The vpn-log doesn't reveal any errors and both sides report OK with no error in the vpn-logfiles. Can it be some inter-port communication issue?
-
And the winner was outgoing NAT-rule on the VPN-interface :)