Can't ping from local network to remote
-
Ok, I must be doing something wrong here… All traffic (that I've tested) initiated from the remote side of my site-to-site works just fine. Pings from my local pfSense to the remote pfSense work fine. Pings from my local pfSense to a machine on the remote network fail. Pings from a computer on my local network to the remote pfSense or anywhere else on the remote network fail.
Diagnostics > Route on both sides shows appropriate routes for traffic passing to the other side.
Is this the way it's supposed to work or have I screwed something up?
-
Maybe you need a "Client specific override" with an iroute to your destination, e.g. iroute "192.168.251.0 255.255.255.0";
-
I'm not sure I really understand what you mean. Does that go on the client system or the server system? What would I enter for Common Name (I'm using shared key)?
-
Ok, something odd happened. I clicked edit on the remote side and then save (no changes), and once the tunnel came back up the local-side pfSense box could ping everything on the remote side (instead of just the pfSense box as before). I clicked edit/save again and it went back to just being able to ping the remote pfSense box.
Honestly, I'm getting kind of tired of this. Between traffic only being able to be initiated from one direction and the tunnel not automatically reestablishing when there is an issue, OpenVPN seems entirely too fragile and flaky to be used. Maybe I'll revisit it in a year or two to see if anything has improved.
-
OpenVPN automatically reconnects. It doesn't wait for traffic, it tries constantly. There is a 60-second timeout (but that can be tweaked in the custom options).
When you save on the server end, the process restarts which disconnects the client, which can then take up to a minute to reconnect.
When you save on the client, the process restarts and it will reconnect right away.
There is nothing wrong with OpenVPN when set up properly; I use it all over the place every day and have zero issues. I have far more issues with IPsec tunnels on a weekly basis.