Netgate Discussion Forum

    OpenVPN Site-to-Site Configuration Example with SSL/TLS

      yorik.bonsangue

      Hello guys,

      I'm sorry to bother you but I guess I might need help.

      I'm working on a site-to-site configuration. I use the following setup:

      Two pfSense 2.4 routers; one is the server, the other is a client.

      I strictly followed every step of this manual on this link https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html (which is pretty well done).

      I have two main problems / questions.

      1. I have a connection between the server and the client, and I'm able to see the route wanted under (status --> openvpn --> routing table). When I connect to the pfSense GUI on the server side and try to ping the pfSense client side, it doesn't work. But when I connect to the GUI on the client side in order to ping the pfSense server, it works.

      So I'm only able to get a connection in one direction. As I understood it, I should be able to ping both the server pfSense and the client pfSense from one side or the other, right?

      2. If we suppose the first question is OK/resolved, is it possible to remotely connect with OpenVPN (another instance/server) to this site-to-site VPN tunnel in order to get access?
        If I'm correct, I should create a new remote OpenVPN server/instance with a different tunnel, then, via "IPv4 local networks", push a route to the LAN I would like to reach? But should I also push the tunnel of the site-to-site VPN? I'm a bit confused about this.

      Your help would be much appreciated,

      Yorik

        viragomann @yorik.bonsangue

        @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:

        I have a connection between the server and the client, and I'm able to see the route wanted under (status --> openvpn --> routing table).

        On both sites?

        @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:

        When I connect to the pfSense GUI on the server side and try to ping the pfSense client side, it doesn't work.

        Did you add firewall rules to the client's OpenVPN interface to allow that?

        @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS:

        is it possible to remotely connect with OpenVPN (another instance/server) to this site-to-site VPN tunnel in order to get access?

        No, a site-to-site setup is meant for only two sites.
        You may set up a Multi-Purpose OpenVPN instance instead of the server, but that is quite a bit more difficult to configure.
        So you'd better go with a second server instance.

          yorik.bonsangue

          Dear viragomann,

          Thank you very much for your answer.

          I just resolved my problem, a problem I created myself.

          FYI, let me answer you:

          Yes, I see the route on both sides and the firewall rules are OK.

          Also, I'm not doing site-to-site only but the multi-purpose instance (sorry).

          The solution was (I'm ashamed): I did not realize that physically unplugging the interface deactivates said interface and then makes it unreachable, even for an ICMP ping... I'm sorry for the inconvenience.

          Thanks again,

          Yorik

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.