I can not reach VPN client side network from VPN server side network?
-
Hi,
I have VPN server in main office (192.168.0.0./24) and VPN client in branch office(192.168.8.0/24).
I can ping to Pfsense which is located in branch office. But I can not ping other IP's in branch office?!
My PfSense client configs is:
What should I do?
Regards,
Mucip:) -
@mucip said in I can not reach VPN client side network from VPN server side network?:
I can ping to Pfsense which is located in branch office.
Which IP, LAN or the VPN IP?
Is this a site-to-site with a single client only, or are there multiple clients connecting to the server?
Is the pfSense running the client the default gateway on the devices you try to reach?
-
Hi @viragomann ,
Thanks a lot for your kind interest in advance.
I have two pfsense boxes in the main office and branch office.I have two VPN Server setting in main office one for site-to-site from branch office PfSense to main office PfSense box.
And the other is for client connections from emloyee houses.Regards,
Mucip:) -
@mucip
If there is only a single client connecting to the site-to-site server, change the tunnel networks mask to /30.If you still have troubles to access the remote site come back and answer my above questions.
-
@viragomann
Yes, only one client connecting. PfSense box from branch office to Pfsense box in head office.
Do you advice me to change "IPv4 Tunnel Network"?Regards,
Mucip:) -
@mucip
Yes, you should use a /30 tunnel network for this. -
@viragomann
Should I change it on both Pfsense boxes?Regards,
Mucip:) -
@mucip
Stating a tunnel network is only needed on the server as far as I know. -
Hi @viragomann,
No. I can not ping to branch office IP from head office unfortunatelly.Regards,
Mucip:) -
Hi @viragomann,
We have Radio Link connection in the branch office.
In the begining we were using mobile boxed internet and I can ping from head office to branch office. But lately we started to use Radio link internet. I think this problem is come from internette connection difference.
I ralized this from below document.https://mitky.com/pfsense-openvpn-site-to-site-vpn/
It's written like this in the document:
It is assumed in this tutorial that the pfSense box running the OpenVPN server is getting a public (internet) IP address on its WAN interface. If the pfSense box is behind another routing device and using a local IP address from this device, this tutorial won’t work without port forwarding or placing the pfSense device in the upstream modem/router’s DMZ.How can I fix it?
Regards,
Mucip:) -
@mucip
I'm still waiting for answers to the questions in my very first post in this thread. No way to get a step beyond without this informations. -
Dear @viragomann,
- I'm trying to ping LAN IP in branch office. Because I want to put Linux File Server in Branch office.
- Yes. OpenVPN server working in Head office and only one client using this server in branch office.
- I could not understand your 3rd question. Could you explain little bit mode please?
Regards,
Mucip:) -
@mucip said in I can not reach VPN client side network from VPN server side network?:
I'm trying to ping LAN IP in branch office. Because I want to put Linux File Server in Branch office.
Can you ping the VPN IP of the client?
Can you ping it's LAN IP?
I not, is it allowed in the firewall rules?Yes. OpenVPN server working in Head office and only one client using this server in branch office.
Did you set a /30 tunnel now?
Is the VPN established (green at both sites)?I could not understand your 3rd question. Could you explain little bit mode please?
Is this pfSense in the branch the default gateway in the branch LAN or is there an other router?
-
Hi @viragomann,
Where can I see VPN IP? Because only PfSense client (Branch Office) connected to PfSence Server (Head Office).
No I can not ping LAN IP from Head office.I can ping only Pfsense which is in the BranchOffice.
Yes I set it to /30
Yes both sides are green.
Regards,
Mucip:)
