Site-to-Site from server can reach clients, but no client to client

danesco

I set-up a site to site config following the guide in the Pfsense wiki
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29

I see no problems in the connection, i can see in status the openvpn client.

The problem is that my clients can't reach other clients. For example:

From my server A i can ping any host on net B
but, from a client in A i can not ping anything in B

Same in other way, server B can ping and reach any host in A, but clients in B can not ping nothing in A.

In the firewall rules i have all allowed to do the test, in LAN and OPENVPN interface.

nydiow

Did add routes? Adding routesyou can provide cliente to client.

You can see this on Advanced Options on the Wiki that you pasted here.

danesco

I think thats not necesary because in remote network field i put the oposite LAN network right? and the advance options its for other LANs, in all case i added to but its not working yet  :(

danesco

This is the exit for netstat -rn

This on server 172.16….

144.0.0.0/16      10.0.8.1          UGS        0        0 ovpnc1
172.16.0.0/16      link#1            U          0  9107215    vr0
172.16.0.1        link#1            UHS        0        0    lo0

And server 144.0...

144.0.0.0/16      link#1            U          0  533829    vr0
144.0.1.20        link#1            UHS        0        0    lo0
172.16.0.0/16      10.0.8.2          UGS        0        0 ovpns1

danesco

Sorry for the bump, but this is something that have me  ??? ???

Its wrong the aproach that im doing? its not possible with site-to-site that a client for A can reach B? why the servers can see every client on other side but not clients see other clients.

marcelloc

Use tcpdump and traceroute To detect what is going wrong.

Also check netmasks on your setup.

It Does not make sense server Does and client dont
The firewall can't check this on ping for example.

danesco

With packet capture, when i try to ping from A client to B, is nothing captured on OpenVPN interface, (i have only one rull with ALL PASS in LAN) so i think that is a problem in pfsense routing rules or maybe a bug? but i have the update of the latest snapshot that i can download like a week ago (from some time to here firmware update does not work, i think that its for release)

marcelloc

Troubleshooting is done in console, not in gui.

Take a time at console and you will find something.

Tcpdump is your friend.