Netgate Discussion Forum

    OpenVPN Shared Key VPN not working

      Spudnet

      Hello all,

      Site A (Server) 10.10.1.0/8
      Site B (Client) 10.10.2.0/8
      Tunnel network 192.168.1.0/24
      IPv4 Remote network for Server 10.10.1.0/8
      IPv4 Remote network for Client 10.10.2.0/8
      VPN Connection is connected and online.

      OpenVPN tab on both ends has an allow all rule.
      The pfSense GUI can't ping between networks; if, however, I change the subnet to /24, I can ping from the GUI on the network.
      Anytime I set the correct /8 prefix I can't connect, and I get “ERROR: FreeBSD route add command failed: external program exited with error status: 1” in the firewall logs.
      I have watched and read everything for over a day now, all I want to get working is a few printers between two sites.
      Can anyone please help me as I am pulling what little hair I have left out.

        KOM @Spudnet

        @spudnet You can't have the same local network on both ends of the tunnel. That's why it works with a /24 but not a /8. How is it supposed to know to route over the tunnel when every address, all of 10.0.0.0, appears to be local?

          Spudnet @KOM

          @kom Thanks for the reply. What is my way around this, then? Do I need to change the entire network to a /24, as this will involve changing everything inside the network?

            KOM @Spudnet

            @spudnet The real solution would be to bite the bullet and renumber one of the networks, which is no small undertaking. Such a bizarre decision to make both a /8 unless they really do need to have 16 million clients on the same network.

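The overlap described in this thread can be checked before the tunnel is configured. The following is an added example, not code from the thread or from pfSense; the function names are hypothetical and it assumes IPv4 only. It normalizes each configured CIDR the way a routing table does and reports overlaps between the local, remote and tunnel networks.

```python
import ipaddress

def normalize(cidr):
    """Return (network, had_host_bits) for a CIDR string such as '10.10.1.0/8'."""
    iface = ipaddress.ip_interface(cidr)
    return iface.network, iface.ip != iface.network.network_address

def min_separating_prefix(a, b):
    """Shortest prefix length at which IPv4 addresses a and b land in different networks."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    if diff == 0:
        return None  # identical addresses can never be separated
    return 32 - diff.bit_length() + 1

def check_plan(local, remote, tunnel):
    """Return a list of findings for a site-to-site plan; an empty list means no overlap."""
    findings, nets = [], {}
    for name, cidr in (("local", local), ("remote", remote), ("tunnel", tunnel)):
        net, host_bits = normalize(cidr)
        nets[name] = net
        if host_bits:
            # Bits beyond the prefix are ignored by the mask, so the route is for `net`.
            findings.append(f"{name} {cidr} is really {net}")
    for x, y in (("local", "remote"), ("local", "tunnel"), ("remote", "tunnel")):
        if nets[x].overlaps(nets[y]):
            findings.append(f"{x} {nets[x]} overlaps {y} {nets[y]}")
    return findings

if __name__ == "__main__":
    # Values from the first post: both sites configured with a /8 prefix.
    for line in check_plan("10.10.1.0/8", "10.10.2.0/8", "192.168.1.0/24"):
        print("PROBLEM:", line)
    # The same addresses with /24, the case the poster found to work.
    print("with /24:", check_plan("10.10.1.0/24", "10.10.2.0/24", "192.168.1.0/24"))
    print("shortest separating prefix: /%d"
          % min_separating_prefix("10.10.1.0", "10.10.2.0"))
```
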