Dial-in cannot communicate with Site to site
-
Hi guys,
I have two pfSense boxes:
- pfSense 1 as server of the OpenVPN dial-in connection and client of the site-to-site OpenVPN connection
- pfSense 2 as server of the site-to-site OpenVPN connection
The IP ranges are:
192.168.2.0 for OpenVPN dial-in clients
10.10.10.0 for pfSense 1 LAN
192.168.1.0 for pfSense 2 LAN
192.168.101.0 for the tunnel between pfSense 1 and pfSense 2
What I can do:
- I can ping from the LAN interface of pfSense 1 (10.10.10.0) to the LAN interface of pfSense 2 (192.168.1.0) and vice versa
- I can ping from clients connected to the OpenVPN dial-in connection (192.168.2.0) to the pfSense 1 LAN (10.10.10.0) and vice versa
What I can't do:
- I can't ping from OpenVPN dial-in clients to the pfSense 2 LAN. From a shell on an OpenVPN dial-in client, the command "tracert 192.168.1.x" gets stuck on the first hop at 192.168.2.1.
I added the local and remote networks in each configuration setting of OpenVPN, I added push "route 192.168.1.0 255.255.255.0" in the OpenVPN dial-in client, I added a static route in pfSense to route 192.168.1.0 via 192.168.101.1, and I read a lot of posts about similar issues on the Netgate forum, but nothing: I can't reach 192.168.1.0 from 192.168.2.0.
Can someone help me?
Thank you -
This is the routing table of the client connected by dial-in Openvpn:
IPv4 route table
Active route:
Network address Mask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.64.23 192.168.64.122 50
10.10.10.0 255.255.255.0 192.168.2.1 192.168.2.2 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 192.168.2.1 192.168.2.2 281
192.168.2.0 255.255.255.0 On-link 192.168.2.2 281
192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.2 281
192.168.2.2 255.255.255.255 On-link 192.168.2.2 281
192.168.2.255 255.255.255.255 On-link 192.168.2.2 281
192.168.64.0 255.255.255.0 On-link 192.168.64.122 306
192.168.64.122 255.255.255.255 On-link 192.168.64.122 306
192.168.64.255 255.255.255.255 On-link 192.168.64.122 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.2.2 281
224.0.0.0 240.0.0.0 On-link 192.168.64.122 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.2.2 281
255.255.255.255 255.255.255.255 On-link 192.168.64.122 306
There is the route to 192.168.1.0 and it has 192.168.2.1 as a gateway, so it seems OK, but I think there is something that blocks communication between the dial-in OpenVPN gateway (192.168.2.1) and the site-to-site tunnel gateway (192.168.101.1)...
Any help is appreciated
Thank you -
These are the settings on the dial-in (remote access) OpenVPN:
-
@franco5 said in Dial-in cannot communicate with Site to site:
I added the local and remote networks in each configuration setting of OpenVPN,
On pfSense 2 you have to add "192.168.2.0/24,10.10.10.0/24" to the "Remote Networks" in the server settings.
I added push "route 192.168.1.0 255.255.255.0" in the OpenVPN dial-in client, I added a static route in pfSense to route 192.168.1.0 via 192.168.101.1
These are not needed.
On pfSense 2 you also have to add a CSO for the S2S client and state "192.168.2.0/24,10.10.10.0/24" as "Remote Networks" in the settings.
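
An added example (not part of the thread, and not pfSense or OpenVPN code): a small longest-prefix-match model of the three routing tables, showing that the request from 192.168.2.2 reaches pfSense 2 but the reply leaves through its default gateway until 192.168.2.0/24 is added there as a remote network. The tables, the node names and the host 192.168.1.10 are constructed from the addresses in the posts; the model covers kernel routes only, not the per-client routing inside OpenVPN that the CSO supplies.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next-hop name for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(n) for n in table]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start; return (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, False          # this node has no route for dst
        if hop == "local":
            return path, True           # dst is on a directly attached network
        path.append(hop)
        node = hop
    return path, False

def build_tables(fixed):
    """Constructed routing tables; fixed=True adds the Remote Network from the reply."""
    tables = {
        # Taken from the client's route print in the thread (VPN routes only).
        "client": {"10.10.10.0/24": "pfsense1", "192.168.1.0/24": "pfsense1",
                   "0.0.0.0/0": "wan"},
        "pfsense1": {"10.10.10.0/24": "local", "192.168.2.0/24": "local",
                     "192.168.1.0/24": "pfsense2", "0.0.0.0/0": "wan"},
        # Assumed: 10.10.10.0/24 is already routed, since LAN-to-LAN ping works.
        "pfsense2": {"192.168.1.0/24": "local", "10.10.10.0/24": "pfsense1",
                     "0.0.0.0/0": "wan"},
        "wan": {},  # stands in for the Internet: no route to private ranges
    }
    if fixed:
        tables["pfsense2"]["192.168.2.0/24"] = "pfsense1"
    return tables

def round_trip(fixed, client_ip="192.168.2.2", target="192.168.1.10"):
    """Return (request trace, reply trace) for a ping from the dial-in client."""
    t = build_tables(fixed)
    return trace(t, "client", target), trace(t, "pfsense2", client_ip)

if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed " if fixed else "before", round_trip(fixed))
```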