4. Site-to-Site from server can reach clients, but no client to client

Site-to-Site from server can reach clients, but no client to client

  • D

    I set-up a site to site config following the guide in the Pfsense wiki
    http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

    I see no problems in the connection, i can see in status the openvpn client.

    The problem is that my clients can't reach other clients. For example:

    From my server A i can ping any host on net B
    but, from a client in A i can not ping anything in B

    Same in other way, server B can ping and reach any host in A, but clients in B can not ping nothing in A.

    In the firewall rules i have all allowed to do the test, in LAN and OPENVPN interface.





    0
  • N

    Did add routes? Adding routesyou can provide cliente to client.

    You can see this on Advanced Options on the Wiki that you pasted here.

    0
  • D

    I think thats not necesary because in remote network field i put the oposite LAN network right? and the advance options its for other LANs, in all case i added to but its not working yet  :(

    0
  • D

    This is the exit for netstat -rn

    This on server 172.16….

    144.0.0.0/16      10.0.8.1          UGS        0        0 ovpnc1
    172.16.0.0/16      link#1            U          0  9107215    vr0
    172.16.0.1        link#1            UHS        0        0    lo0

    And server 144.0...

    144.0.0.0/16      link#1            U          0  533829    vr0
    144.0.1.20        link#1            UHS        0        0    lo0
    172.16.0.0/16      10.0.8.2          UGS        0        0 ovpns1

    0
  • D

    Sorry for the bump, but this is something that have me  ??? ???

    Its wrong the aproach that im doing? its not possible with site-to-site that a client for A can reach B? why the servers can see every client on other side but not clients see other clients.

    0

  • Use tcpdump and traceroute To detect what is going wrong.

    Also check netmasks on your setup.

    It Does not make sense server Does and client dont
    The firewall can't check this on ping for example.

    0
  • D

    With packet capture, when i try to ping from A client to B, is nothing captured on OpenVPN interface, (i have only one rull with ALL PASS in LAN) so i think that is a problem in pfsense routing rules or maybe a bug? but i have the update of the latest snapshot that i can download like a week ago (from some time to here firmware update does not work, i think that its for release)

    0

  • Troubleshooting is done in console, not in gui.

    Take a time at console and you will find something.

    Tcpdump is your friend.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy