PfSense site-to-site PKI: can ping to one site, not the other



  • Here is my setup:

    stock pfSense v1.2.3 (both sides)

    Office:

    OpenVPN Server configured using PSK
    LAN: 192.168.16.0/24
    VPN: 10.21.11.0/24

    Home Office:

    OpenVPN Client configured using PSK
    LAN: 10.111.10.0/24

    I can connect successfully and ping 192.168.16.0/24 from the Home Office, but not the other way around.  No clues appear in the OpenVPN logs or Firewall logs.

    I see what I believe to be the proper routes via "netstat -rn" on both sides.  The weird thing is from the Office side, I can't ping any of the VPN IPs which I would assume I should be able to.

    What am I missing?



  • Have you tried following some of the stickies in this forum such as http://forum.pfsense.org/index.php/topic,12888.0.html ?


  • Rebel Alliance Developer Netgate

    This was solved on IRC, I believe. He switched to using a real PKI setup (not shared key/PSK), and adding route/iroute statements as needed, and it started to work.
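
An added example, not taken from the thread or from the pfSense project: a sketch of the route/iroute statements a PKI (certificate-based) OpenVPN server would need for the subnets listed in the first post. The certificate file paths, the client-config-dir path and the client certificate common name `home-office` are assumptions.

```conf
# ---- Office side: OpenVPN server options (PKI mode) ----
dev tun

# Certificate material. Paths are placeholders (assumption).
ca   /path/to/ca.crt
cert /path/to/office-server.crt
key  /path/to/office-server.key
dh   /path/to/dh.pem

# Tunnel network from the first post.
server 10.21.11.0 255.255.255.0

# Tell the connecting client how to reach the Office LAN.
push "route 192.168.16.0 255.255.255.0"

# Kernel route on the Office firewall: send Home Office LAN
# traffic into the OpenVPN tunnel interface.
route 10.111.10.0 255.255.255.0

# Per-client settings are read from a file in this directory
# named after the client certificate's common name.
client-config-dir /path/to/ccd

# ---- File: /path/to/ccd/home-office ----
# (file name = client certificate CN; "home-office" is an assumption)
# Internal OpenVPN route: tells the server process which connected
# client owns 10.111.10.0/24. Without it, the kernel route above
# hands packets to OpenVPN, which then has no client to deliver
# them to, so Office -> Home Office traffic gets no reply.
iroute 10.111.10.0 255.255.255.0
```

`route` and `iroute` work as a pair here: `route` moves the packet from the kernel to OpenVPN, and `iroute` moves it from OpenVPN to the correct client. Firewall rules on both pfSense boxes still have to permit the traffic.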

