Netgate Discussion Forum

    OpenVPN Site to Site

      rem2500

      Hey everyone,

      I followed the OpenVPN site to site guide to create a tunnel between my 2 pfsense boxes and I see that the client box says the connection is up.  However I cannot ping other hosts through the tunnel.  Any ideas here?

      Thanks
      Ben

        Cry Havok

        The normal problem is that you haven't correctly configured the routes. Do all the computers on both sides use the pfSense hosts for their default gateway? If not have you manually configured the appropriate routes?

          rem2500

          Hi.  Thanks for your reply.

          Yes, I have the machines set to use the pfsense boxes as their gateways.  I always have the firewall rules set as stated in the document but still no luck.

          Thanks
          Ben

            Cry Havok

            What version of pfSense do you have on both sides? What IP ranges are you using for each LAN and for the VPN?

              rem2500

              2.0-RC2

              Server:  10.0.0.0/24
              Client:    10.0.1.0/24
              Tunnel:  10.0.12.0/24

              Thanks
              Ben

                Cry Havok

                You've created firewall rules to allow traffic on the VPN interfaces?

                Can the pfSense hosts ping the other pfSense host, over the VPN?

                  rem2500

                  Hey, first thanks again for your help!

                  Yes, I have created WAN side rules for port 1194 for UDP (which is what I set the OpenVPNs to use) and also created a * rule on the OpenVPN tab as well on both the client and server.

                  No, I cannot ping one pfsense box from the other either.

                  Thanks
                  Ben

                    Cry Havok

                    Is the OpenVPN tunnel actually up? What do the logs show on each end?

                      Ghal

                      @rem2500:

                      2.0-RC2

                      Server:  10.0.0.0/24
                      Client:    10.0.1.0/24
                      Tunnel:   10.0.12.0/24

                      Thanks
                      Ben

                      If I remember it right, to make it work you have to make an iroute 10.0.1.0 255.255.255.0 on the server side. This command can't be set in the custom options, so you have to create a client-specific configuration for your client to put that command in.

                      Best of luck

                      Ghal

                        root2020

                        Post screenshots of your VPN log and your OpenVPN config from both sides. Do not include your Public Internet IP, domain and Pre-Shared Key.

                          rem2500

                          Hey guys,

                          Figured it out and as usual, it was just a stupid error on my part.  On the OpenVPN rules tab, I was only allowing all UDP traffic.  Once I allowed all traffic, then all was good.

                          Thanks for the help!
                          Ben
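
The failure resolved in this thread, as an added example that is not part of any post: a simplified first-match model of the OpenVPN rules tab, showing why a UDP-only pass rule leaves the tunnel up while ping between the two LANs is dropped. The pf-style rule strings, the host addresses 10.0.0.10 and 10.0.1.10, and all function names are constructed for illustration; only the two LAN subnets come from the thread.

```python
import ipaddress

# Constructed pf-style rules for the OpenVPN tab (not copied from the thread).
UDP_ONLY = ["pass in quick on openvpn inet proto udp from any to any"]
ALLOW_ALL = ["pass in quick on openvpn inet from any to any"]

def parse_rule(line):
    """Parse a small subset of pf syntax: action, optional proto, from/to."""
    tok = line.split()
    rule = {"action": tok[0], "proto": None}
    if "proto" in tok:
        rule["proto"] = tok[tok.index("proto") + 1]
    rule["src"] = tok[tok.index("from") + 1]
    rule["dst"] = tok[tok.index("to") + 1]
    return rule

def addr_match(spec, ip):
    """True when ip falls inside spec, where spec is 'any' or a CIDR network."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, proto, src, dst):
    """First matching 'quick' rule wins; unmatched traffic hits the default deny."""
    for rule in map(parse_rule, rules):
        if rule["proto"] not in (None, proto):
            continue  # a proto-restricted rule never matches other protocols
        if addr_match(rule["src"], src) and addr_match(rule["dst"], dst):
            return rule["action"]
    return "block"

def audit(rules):
    """Verdicts for probes from the server LAN (10.0.0.0/24) to the client LAN (10.0.1.0/24)."""
    probes = [("icmp", "10.0.0.10", "10.0.1.10"),  # what ping sends
              ("tcp", "10.0.0.10", "10.0.1.10"),
              ("udp", "10.0.0.10", "10.0.1.10")]
    return {proto: evaluate(rules, proto, src, dst) for proto, src, dst in probes}

if __name__ == "__main__":
    for name, rules in (("UDP only", UDP_ONLY), ("all protocols", ALLOW_ALL)):
        print(name, audit(rules))
```

The WAN rule for UDP 1194 only carries the encrypted tunnel itself, which is why the client reported the connection as up; traffic inside the tunnel is filtered separately by the OpenVPN tab rules modelled here.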