OpenVPN 2.0-Beta Client to 1.2.3 Server "won't route" or firewalled?
-
This could easily be a PEBKAC - I have limited-enough experience with OpenVPN that I may have just configured something wrong, but as yet I've been unable to get my OpenVPN Site-to-Site to "work" properly.
"Remote" pfSense - 192.168.4.1/24 - 2.0, snapshot from 2010-02-15 around 8 PM EST? (client)
"Central" pfSense - 172.16.0.254/24 (CARP to 172.16.0.1) - 1.2.3-RELEASE (server)
Using 'shared key' with OpenVPN, and the tunnel is configured as 172.16.254.0/24
(172.16.254.1 being OpenVPN server, .2 being the client, I believe?)
"Remote" has a PASS ALL * * * * rule in the OpenVPN configuration.
Both pfSense boxes are able to ping and communicate with the machines on the other end of the tunnel's subnet.
The workstations on both ends of the tunnel are able to ping both sides of the "Tunnel" IPs - 172.16.254.1 and 172.16.254.2
However, no workstations/whatever on either end of the tunnel are able to ping or otherwise reach the machines on the opposite end.
Worth noting - the 1.2.3 machine may have had firewall rules entered into a temporarily-defined "OPT" interface associated with "TUN" - and may not have been rebooted since. (That is likely my next section to check out)
-
Looks like the 1.2.3 machine needed to be rebooted - appears that there's a bug (or at least unexpected behavior) regarding OpenVPN-interface assignment and filtering. After the reboot of the 1.2.3 machine, everything works more or less as expected.