OpenVPN Site-to-Site Configuration Example with SSL/TLS
- 
 Hello guys, I'm sorry to bother you but I guess I might need help. I'm working on a site to site configuration. I use the following setup : Two PFsense 2.4 routers, one is server, the other is a client. I strictly followed every step of this manual on this link https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html (which is pretty well done). I have two main problems / questions. - I have a connection between the server and the client, I'm able to see the route wanted under (status --> openvpn --> routing table). When I connect to the PFsense gui on the server side and try to proceed to a ping of the pfsense client side, it doesn't works. But when I connect on the gui of the client side in order to proceed to a ping of the pfsense server, it works.
 So I'm only able to get connection in one way, as I understood, I should be able to ping both server pfsense and client pfsense from one side or the other right ? - If we suppose the first question is ok/resolved, is it possible to remote connect with open vpn (another instance/server) to this site to site vpn tunnel in order to get access ?
 If I'm correct, I should create a remote openvpn new server/instance with a different tunnel, then, via "IPv4 local networks" push route to the LAN I would like to reach ? But should I also push the tunnel of the site to site vpn ? I'm a bit confuse about this.
 Your help would be much appreciated, Yorik 
- 
 @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS: I have a connection between the server and the client, I'm able to see the route wanted under (status --> openvpn --> routing table). On both sites? @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS: When I connect to the PFsense gui on the server side and try to proceed to a ping of the pfsense client side, it doesn't works. Did you add firewall rules to the clients OpenVPN interface to allow that? @yorik-bonsangue said in OpenVPN Site-to-Site Configuration Example with SSL/TLS: is it possible to remote connect with open vpn (another instance/server) to this site to site vpn tunnel in order to get access ? No, a site-to-site setup is meant for only two sites. 
 You may setup a Multi-Purpose OpenVPN Instance instead the server, but that is quiet more difficult to configure.
 So you better go with a second server instance.
- 
 Dear viragomann, Thank you a lot for your answer. I just resolved my problem, problem I created myself. Fyi, let me answer to you : Yes I see the route on both sides and firewalls rules are ok. Also, I'm not doing the site to site only but the multi-purpose instance (sorry) : The solution was : (I'm ashamed), I did not realize that physicaly unpluging the interface deactivate the said interface and then make it unreachable, even under an icmp ping... I'm sorry for the inconvenience. Thanks again, Yorik