Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN site to site - no joy- VPN up but no talk

    OpenVPN
    5
    6
    8902
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cjbujold last edited by

      Created a site to site OpenVPN using PFSense as the router at both locations(v2.0.1) both sites connect without a problem (sharedkey).  I can ping the 10.0.8.1 or 10.0.8.2 from both sides without a problem.  No errors reported in log for openvpn or firewall log.

      The issue is that neither side can ping or access PC's on the other network.  I can ping the 10.0.8.X router from the remote locations but cannot ping the actual Internal IP of the router (192.168.0.1 and 192.168.120.1).  I thought it was a routing issue so checked the route table on both PFsense device and both have an entry for the 10.0.8.1 and 10.0.8.2 route to the router and a third being the subnet route of the remote office to the remote 10.0.8.X router.  Verified each PFsense server and both have a Openvpn route that states anything to anything.

      I'm at a lost to find why we cannot actually connect to any of the remote PC's, yet the openvpn tunnel is up.  The setup used is from the user guide available on the PFsense web site. (http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29)

      Any help would be appreciated

      Thanks
      cjb

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke last edited by

        On the OpenVPN Server with IP you need to add a route to the network behind the OpenVPN client (10.0.8.2)
        On OpenVPN Server go to custom Options and add:

        route 192.168.120.0 255.255.255.0;

        Probably you do not need this entry because you entered this network in "Remote Network" in the OpenVPN Server options.

        On the client OpenVPN add this:

        
route 192.168.0.0 255.255.255.0;
iroute 192.168.120.0 255.255.255.0;

        Check and allow traffic on bothe firewalls for OpenVPN.
        For testing purposes a simple "Allow any to any" rule should work.

        1 Reply Last reply Reply Quote 0
        • K
          kartweel last edited by

          Hi,

          I have this exact issue. The proposed solution doesn't work for me. If I add iroute on the client it says it is not valid.

          Did you end up getting this working?

          1 Reply Last reply Reply Quote 0
          • K
            kartweel last edited by

            So I ended up assigning an interface, which then allowed any PC to access the server on the other end, but not the remote network. So I then created a gateway and added a static route at each end to point to the other network, and gave my interface a static IP then it worked. So it really seems that I needed to duplicate the OpenVPN configuration manually for it to work. At least it works I guess… :)

            1 Reply Last reply Reply Quote 0
            • J
              jockwatson last edited by

              Is that really the only way to get this to work for even a simple site to site?

              Can I clarify with you kartweel?

              Did you assign interfaces on both client and server, and did you then assign the same static IP to the interface(s) as the OpenVPN would have been set to (so 10.0.8.1 at the server end on my config)?

              Then you add routes at each end?

              1 Reply Last reply Reply Quote 0
              • H
                heper last edited by

                entering the remote an local networks on both ends should do the trick for simple site-2-site vpn's using openvpn.

                i've done this a dozen times without fail

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post