OpenVPN P2P issue
Hello all.
I currently have an OpenVPN server running on pfSense 2.7 on two boxes. One box is the main server and the other is a P2P client tunneling back into it. The tunnel is up; I can ping both tunnel interfaces from either side of the VPN: 172.16.101.1 (main server pfSense box) and 172.16.101.2 (client pfSense OpenVPN box). I have added static routes into both FWs for the local subnets behind each one of the tunnels, and when I do a route -n get with the other side's local IP address it shows that it routes down the OVPN tunnel interface. I can currently ping from the OVPN interface on the client side to any device on the server side of the tunnel, but from any interface behind the OPT1 interface I cannot ping anything on the server side, nor can I ping the server side OPT1 interface (172.16.101.1). The OPT1 interface on the server side can only ping the OPT1 interface on the client side and nothing behind it. I have quadruple checked my routes and both sides know how to route to each other, but for whatever reason I am only able to ping the server side from the OPT1 interface on the client side of the tunnel. Any advice would be greatly appreciated. I have done fresh installs on both sides to ensure there were no residual configs left behind.
Current subnets:

pfSense server side
WAN (DHCP) not currently an issue
LAN 192.168.1.0/24, interface IP is 192.168.1.1
OPT1 172.16.101.0/29, interface IP is 172.16.101.1
static route 192.168.101.0/24 to 172.16.101.2

pfSense client side
WAN (DHCP)
LAN 192.168.101.0/24, interface IP is 192.168.101.1
OPT1 172.16.101.0/29, interface IP is 172.16.101.2
static route 192.168.1.0/24 to 172.16.101.1

Leaving this up in case anyone else has this issue. I had to add the client specific override on the server side and then I had to add ALL the local routes in the server side OVPN instance, and it resolved my issue.
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
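
The fix described above maps to two OpenVPN directives: a route line on the server instance for the remote LAN and a matching iroute line in that client's override. The check below is an added example, not part of the original post or of pfSense. It flags any routed subnet that no override claims, which is the state the post describes before the fix. The directive text is constructed from the subnets in the post; the common name "site-b" and the client-config-dir path are hypothetical.

```python
import ipaddress

# Constructed sample: raw OpenVPN directives for the server-side instance,
# built from the subnets in the post. The ccd path is a placeholder.
SERVER_CONF = """\
server 172.16.101.0 255.255.255.248
topology subnet
# kernel route: send the remote LAN into the tunnel
route 192.168.101.0 255.255.255.0
# tell the client how to reach the server LAN
push "route 192.168.1.0 255.255.255.0"
client-config-dir /path/to/ccd
"""

# Client overrides keyed by certificate common name ("site-b" is hypothetical).
CCD_BEFORE = {}  # no override yet: the failing state
CCD_AFTER = {"site-b": "iroute 192.168.101.0 255.255.255.0\n"}


def networks(text, directive):
    """Collect the networks named by '<directive> <network> <netmask>' lines."""
    found = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == directive:
            found.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found


def missing_iroutes(server_conf, ccd_files):
    """Return routed subnets that no client override claims with iroute."""
    routed = networks(server_conf, "route")
    claimed = set()
    for body in ccd_files.values():
        claimed |= networks(body, "iroute")
    return sorted(n for n in routed if not any(n.subnet_of(c) for c in claimed))


if __name__ == "__main__":
    for label, ccd in (("before", CCD_BEFORE), ("after", CCD_AFTER)):
        gaps = [str(n) for n in missing_iroutes(SERVER_CONF, ccd)]
        print(label, "override:", gaps or "every routed subnet has an owner")
```

With a tunnel network larger than /30 the server side can hold more than one client, so the kernel route only delivers packets to the OpenVPN process; the iroute entry is what tells OpenVPN which client owns 192.168.101.0/24.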