OpenVPN site to site PKI partially up?
-
Any help is greatly appreciated.
Two sites – trying to (re)set up OpenVPN site to site with PKI. Routers at both are full install pfsense 2.0.1.The tunnel seems to be up. Site A has OpenVPN server. Site B is OpenVPN client. Both are set to allow all traffic on the OpenVPN interface.
I have NAT redirects setup so I can SSH and webGUI to site B pfsense through the WAN (it beats driving back and forth).
Everything looks up from webGUI Status -> OpenVPN display at both sites. The routes appear to be correct at both sites -- the remote subnet is routed through the VPN gateway. I can ping site A from site B through SSH, but not through the webGUI or any computer on site B subnet. I can traceroute to site A LAN from site B SSH pfsense console AND webGUI. I can't ping site B at all, by any means, from site A.
I used to have this setup with pfsense 1.2.3 at all sites and it was rock solid. I must be missing a setting somewhere?
Again, any help appreciated. -
(…)
I must be missing a setting somewhere?
(...)The iroute command for the site B subnet on site B vpn client.
-
Thanks for the suggestion.
Just tried adding in the iroute command…
The status under Status->OpenVPN changed to down and I could no longer ping from site B.
I already have "route [site B subnet] [subnet mask]" command in server under the advanced options.