OpenVPN peer to peer 1-way only.
Been on this one for 4 days now:
1.) SSL/TLS OpenVPN tunnel sets up without errors. (logged for days)
2.) Can ping either end of network tunnel from either Server (A) or Client (B)
3.) From B can ping all of A's networks.
4.) From A cannot ping anything @ B other than end of network tunnel.
5.) Firewall setups are identical
6.) both are SG-3100 running 23.01
7.) networks: A -10.53.56.0/24, 10.53.57.0/24 B-10.53.58.0/24, tunnel 192.168.102.0/24
8.) OpenVPN routes (from table) are as expected - openvpn interface on A points to 192.168.102.0/24 and 10.53.58.0/24 while openvpn interface on B points to 192.168.102.0/24 and 10.53.56.0/24 and 10.5.57.0/24
@kerdiehl
Either set the tunnel network mask to a /30, which is the recommended way if you only want to connect a single client to the server, or configure client specific overrides for each client if you want to connect multiple.
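An added illustration of the second option viragomann describes (this is example configuration, not from the thread and not Netgate's generated files): the server-side OpenVPN directives that a pfSense "Client Specific Override" with a Remote Network of 10.53.58.0/24 results in. The tunnel and LAN prefixes are the ones given in the thread; the client certificate common name `siteB`, the instance name `server1` and the ccd path are assumptions.

```conf
# ---- server-side OpenVPN instance on site A (SSL/TLS, /24 tunnel network) ----
dev tun
server 192.168.102.0 255.255.255.0          # tunnel network from the thread
client-config-dir /var/etc/openvpn/server1/ccd   # path assumed; pfSense names it per instance

# Kernel route on A: packets for 10.53.58.0/24 go into the tun interface.
# This is the entry that shows up in A's routing table and looks "as expected".
route 10.53.58.0 255.255.255.0

# Networks behind A, pushed to B so hosts at B can reach both of A's LANs.
push "route 10.53.56.0 255.255.255.0"
push "route 10.53.57.0 255.255.255.0"

# ---- /var/etc/openvpn/server1/ccd/siteB (the Client Specific Override) ----
# File name must equal the client's certificate CN ("siteB" is assumed here).
# iroute tells the OpenVPN *process* which connected client owns 10.53.58.0/24.
# The kernel route above only delivers the packet to the tun device; in a /24
# server-mode tunnel OpenVPN still has to pick a client for it, and without an
# iroute it has none and silently drops the packet. That yields exactly the
# one-way pattern in the thread: B reaches A's LANs, A reaches only B's tunnel
# endpoint (which OpenVPN answers itself) and nothing behind it.
iroute 10.53.58.0 255.255.255.0
```

With a /30 tunnel network there is only one possible peer, so the `route` entry alone is sufficient and no iroute or override is needed, which is why the /30 option sidesteps the problem. Whichever way is chosen, A's routing table will look the same; the difference is only visible inside OpenVPN's client-to-subnet mapping, so a correct kernel routing table is not evidence that the override is in place.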
@viragomann I've actually tried it both ways...Tunnels are fine, routing tables are correct, but full ping response one way, and response only to the tunnel address the other way.
So decided to use shell and run fsck on both units. One had minor inconsistencies which cleaned up, the other is exiting with notice "LOST 2 DIRECTORIES/UNEXPECTED SOFT UPDATE INCONSISTENCY".
My probable next step will be to contact NetGate for the files necessary to reformat SSD and do a bare metal install....sigh...