Netgate Discussion Forum

    Not Routing to VPN client from LAN

      mrwildbob

      I've been pulling all my hair out trying to figure out what I am missing. I'm setting up a site-to-site OpenVPN.

      Site A
      VPN Server
      LAN ip 192.168.14.0/24
      Tunnel IP 10.10.10.1

      Site B
      VPN Client
      LAN ip 192.168.1.0/24
      Tunnel IP 10.10.10.2

      The VPN Status shows that it is up and connected.

      From Site B, if I do a ping from pfSense and change the interface to OpenVPN, I am able to ping the remote tunnel and LAN of Site A. If I change the interface to LAN, I am not able to ping the tunnel or the remote LAN.

      I feel this is some kind of routing issue. Site B does not know how to route the traffic from LAN to OpenVPN Client. What did I miss?

      boB

        viragomann @mrwildbob

        @mrwildbob
        I assume you have entered the respective remote LAN into the "Remote Network/s" field on both sites?

        Maybe your remote LAN devices are blocking access from outside their own subnet with their system firewall. That's basically not uncommon; it is the default behavior of network-enabled devices.

          mrwildbob @viragomann

          @viragomann

          > I assume you have entered the respective remote LAN into the "Remote Network/s" field on both sites?

          Yes, I have.

          > Maybe your remote LAN devices are blocking access from outside their own subnet with their system firewall. That's basically not uncommon; it is the default behavior of network-enabled devices.

          I see what you mean, but none of the devices are blocking any other subnets. From Site B, I can ping from the tunnel interface to all the devices on the remote LAN and get responses. None of the devices on the network have a local FW enabled. I just can't ping anything from B-LAN to A-LAN. Both pfSense boxes are running the latest stable firmware.

          Thanks
          bob

            viragomann @mrwildbob

            @mrwildbob
            Do the firewall rules on the VPN interface on A allow access from the remote site?

            Show the IPv4 routing table from A, please.

            From what you described, I assume both VPN endpoints are the default gateway in their respective LANs, right?

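Added example, not part of the thread: a longest-prefix-match check over a constructed copy of site A's IPv4 routing table (the table viragomann asks for), showing how a missing route to 192.168.1.0/24 would let tunnel-sourced pings get replies while LAN-sourced ones do not. The interface names (`ovpns1`, `lan`, `wan`), the host 192.168.1.10 and both tables are assumptions; only the subnets and tunnel IPs come from the first post.

```python
import ipaddress

# Constructed routing tables for site A (not posted in the thread).
# Interface names are assumptions; subnets and tunnel IPs are from the first post.
SITE_A_COMPLETE = [
    ("0.0.0.0/0", "wan"),            # default route
    ("192.168.14.0/24", "lan"),      # site A LAN
    ("10.10.10.2/32", "ovpns1"),     # tunnel peer (site B end)
    ("192.168.1.0/24", "ovpns1"),    # site B LAN, reached through the tunnel
]
# Same table without the route to site B's LAN.
SITE_A_MISSING_ROUTE = [r for r in SITE_A_COMPLETE if r[0] != "192.168.1.0/24"]

# Ping sources as seen by site A: B's tunnel IP and a constructed B-LAN host.
SOURCES = {"tunnel": "10.10.10.2", "lan": "192.168.1.10"}


def lookup(table, dst):
    """Longest-prefix match: return the egress interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def reply_uses_tunnel(table, ping_source, tunnel_iface="ovpns1"):
    """True if site A would send the echo reply for ping_source into the tunnel."""
    return lookup(table, ping_source) == tunnel_iface


def diagnose(table, sources=SOURCES):
    """Map each ping source to whether its reply is routed back via the tunnel."""
    return {name: reply_uses_tunnel(table, ip) for name, ip in sources.items()}


if __name__ == "__main__":
    for label, table in (("complete", SITE_A_COMPLETE),
                         ("missing route", SITE_A_MISSING_ROUTE)):
        print(label, diagnose(table))
        print("  reply to 192.168.1.10 leaves via:", lookup(table, "192.168.1.10"))
```

With the route missing, the reply to the B-LAN source follows the default route out `wan` instead of the tunnel, which matches the symptom pattern in the first post; the firewall rule on A's VPN interface is a separate check this example does not model.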
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.