Same boat - Site to Site not working at 2.6.0 upgrade to 2.7.0
-
I am in the same boat as everyone else. Site to site quit working after the upgrade to 2.7.0 from 2.6.0
"Server" pfSense is 192.168.1.1/24 on my LAN at location 1
"Client" pfSense is 192.168.2.1/24 on my LAN at location 2
Tunnel is 10.10.10.0/24.
Devices at location 1 can ping devices at location 2 just fine. Not the other way around. I can no longer ping devices at location 1 from location 2. This worked perfectly fine prior to the 2.7.0 upgrade.
I can ping from the pfSense routers themselves to any device on either network though.
The OpenVPN status shows connected. Restarting the service or rebooting the router(s) makes no difference.
-
@TC10284 Hello I'm from Brazil.
I'm going through the same situation.
I also tried to do the same thing: my VPN connects from the client side to the server and pings normally, but from the server to the client it does not ping, and I cannot access anything at either location, for example accessing a machine at the other location.
-
If the LAN at 1 can ping 2 but not the other way around, then your routing is probably OK and it's most likely a NAT or firewall rule issue.
There are a lot of troubleshooting suggestions for that sort of stuff at https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.html
But to boil that down a bit, you should check:
- Look at the OS routing table on both sides, make sure there are entries for the opposite side LAN(s) and that those routes are pointing to the correct OpenVPN interface(s).
- When you ping from the firewall make sure to ping from both the OpenVPN interface itself (default source) and again using the LAN interface as a source. That tests routing between the LANs in both directions, not just to/from the OpenVPN interface directly, which is a much different test.
- When pinging from a client on the LAN, look at its states under Diagnostics > States on both firewalls, there should be two entries on each, one as it enters the firewall and one as it exits the firewall. If something like outbound NAT is catching it, the NAT would show in these states. If the traffic is taking the wrong path, that would also show (e.g. it should go in LAN, out VPN, in VPN, out LAN).
- If the packets are exiting a WAN unexpectedly it may be from those clients hitting a policy routing firewall rule, so you might need to add a rule above whatever rule it's hitting to pass VPN traffic without a gateway set.
That should give you a better idea of what's going on and what needs to be fixed.
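The route and state checks from the post above, scripted against constructed sample output (this is an added example, not from the thread or from Netgate; it assumes FreeBSD-style `netstat -rn` and `pfctl -ss` output on the "client" firewall, with the LAN on em1 and the OpenVPN client interface ovpnc1):

```shell
#!/bin/sh
# Added example (not from the thread or Netgate): the route and state checks from the
# post above, run against CONSTRUCTED sample output from the "client" firewall
# (LAN 192.168.2.1/24 on em1, OpenVPN client interface ovpnc1, tunnel 10.10.10.0/24).
# On a live box, replace the samples with:  netstat -rn   and   pfctl -ss
# and ping from the LAN interface as source with:  ping -S 192.168.2.1 192.168.1.10

SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.10.10.0/24      10.10.10.1         UGS      ovpnc1
10.10.10.2         link#7             UH       ovpnc1
192.168.1.0/24     10.10.10.1         UGS      ovpnc1
192.168.2.0/24     link#2             U           em1'

# Two states for one ping 192.168.2.50 -> 192.168.1.10: entering on LAN, leaving on the
# VPN. The "(orig)" on the second line is the tell-tale of outbound NAT rewriting the
# source to the tunnel address, so replies never reach the LAN client.
SAMPLE_STATES='em1 icmp 192.168.2.50:2048 -> 192.168.1.10:2048       0:0
ovpnc1 icmp 10.10.10.2:2048 (192.168.2.50:2048) -> 192.168.1.10:2048       0:0'

# route_netif NET: print the Netif column of the exact route entry for NET
route_netif() {
    printf '%s\n' "$SAMPLE_ROUTES" | awk -v net="$1" '$1 == net { print $NF; exit }'
}

# check_route NET: succeed only if the route to NET leaves via an OpenVPN interface
check_route() {
    case "$(route_netif "$1")" in
        ovpnc*|ovpns*) return 0 ;;
        *)             return 1 ;;
    esac
}

# state_ifaces SRC DST: comma-separated interfaces holding a state for SRC -> DST,
# in order; expect "lan,vpn" here and "vpn,lan" on the far side, never a WAN
state_ifaces() {
    printf '%s\n' "$SAMPLE_STATES" | awk -v s="$1" -v d="$2" '
        index($0, s ":") && index($0, "-> " d ":") { r = r (r ? "," : "") $1 }
        END { print r }'
}

# nat_catches SRC DST: succeed if any SRC -> DST state shows a translated source "(SRC:port)"
nat_catches() {
    printf '%s\n' "$SAMPLE_STATES" | awk -v s="$1" -v d="$2" '
        index($0, "(" s ":") && index($0, "-> " d ":") { found = 1 }
        END { exit !found }'
}
```

With the samples, the route check passes and the state path is LAN then VPN, but the NAT check fires, which points at an outbound NAT rule catching VPN-bound traffic rather than a routing problem.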