Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense site-to-site PKI: can ping to one site, not the other

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dniesen
      last edited by

      Here is my setup:

      stock pfSense v1.2.3 (both sides)

      Office:

      OpenVPN Server configured using PSK
      LAN: 192.168.16.0/24
      VPN: 10.21.11.0/24

      Home Office:

      OpenVPN Client configured using PSK
      LAN: 10.111.10.0/24

      I can connect succesfully and ping 192.168.16.0/24 from the Home Office, but not the other way around.  No clues appear in the OpenVPN logs or Firewall logs.

      I see what I believe to be the proper routes via "netstat -rn" on both sides.  The weird thing is from the Office side, I can't ping any of the VPN IPs which I would assume I should be able to.

      What am I missing?

      1 Reply Last reply Reply Quote 0
      • F
        focalguy
        last edited by

        Have you tried following some of the stickies in this forum such as http://forum.pfsense.org/index.php/topic,12888.0.html ?

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          This was solved on IRC, I believe. He switched to using a real PKI setup (not shared key/PSK), and adding route/iroute statements as needed, and it started to work.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.