Site-to-Site Routing

  • Hey Guys,

    I have spent a couple of days trying to set up the site to site stuff with OpenVPN and am getting nowhere. I have followed numerous tutorials and none of them seemed to have worked for me. I am trying to set up a VPN from my network ( to a friend's network( via pfSense and OpenVPN so that essentially it is one network. To keep it simple, I have used a pre-shared key approach on a peer-to-peer server. The VPN link is on

    Here is the idea… (mynetwork, OVPN server)--internet--(pfsense, OVPN client)--(his network,

    So the problem is routing in my perspective, I think though... The OpenVPN status says it is connected, but he can't ping the gateway or any clients behind it. I can ping the gateway but not his IP or the clients on his network.

    This is the server setup:

    This is the client config:

    I am honestly out of ideas and routing is the only thing that comes to mind. Thanks for the help in advance!

  • Which tutorial did you follow?  I followed this and got it working:,_2.0%29#OpenVPN_with_Site_to_Site_Routing

    -Remove what you have in the "advanced configuration" section… it's redundant.
    -Firewall->Rules->LAN tab, you can remove those last 2 entries, and everything else for that matter, you already have an any/any rule.
    -Firewall->Rules->WAN tab, should have a rule like this: |UDP| * |* | WAN address | 1194 | * | none |

    -In the Tunnel Settings section, change the Remote Network setting to (looks like he entered his LAN instead of the remote network)
    -clear anything in the advanced section here too unless you guys have more than one subnet on both sides.

  • Blank out your advanced configuration, save and restart the vpn server… see if that fixes it.

    Also- what do your server side wan rules look like?

  • Thanks guys, @marvosa, I have followed that guide exactly then started scrounging for others. I have incorporated the changes that both of you have noted, and still no dice. Here is the config as it stands now.


    **Just noticed the typo. Tunnel network should be instead of That has been fixed, but still not working.


    So still, neither side can ping each other or the gateway for that matter. I am thinking of trying a bridged config, although it would not be my first choice.
    Thanks again!
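
The two mistakes called out so far in this thread (Remote Network set to the side's own LAN, and a Tunnel Network typo on one side) can be checked mechanically. This is an added example, not a config or script from any poster; the `Side` fields, `check_pair`, and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Side:
    # Field names are assumptions for this sketch, mirroring the GUI labels in the thread.
    name: str
    lan: str             # this site's own LAN subnet
    tunnel_network: str  # "Tunnel Network" as entered on this side
    remote_network: str  # "Remote Network" as entered on this side

def check_pair(server: Side, client: Side) -> list[str]:
    """Return a list of config mismatches that break routing over the tunnel."""
    sides = (server, client)
    try:
        # Strict parsing rejects host bits, e.g. 10.10.1.1/24 typed for 10.10.1.0/24.
        lan = {s.name: ipaddress.ip_network(s.lan) for s in sides}
        tun = {s.name: ipaddress.ip_network(s.tunnel_network) for s in sides}
        rem = {s.name: ipaddress.ip_network(s.remote_network) for s in sides}
    except ValueError as exc:
        return [f"unparseable subnet: {exc}"]

    problems = []
    if tun[server.name] != tun[client.name]:
        problems.append("tunnel network differs between server and client")
    for me, peer in ((server, client), (client, server)):
        if rem[me.name] == lan[me.name]:
            problems.append(f"{me.name}: remote network is its own LAN")
        elif rem[me.name] != lan[peer.name]:
            problems.append(f"{me.name}: remote network is not {peer.name}'s LAN")
        if tun[me.name].overlaps(lan[me.name]) or tun[me.name].overlaps(lan[peer.name]):
            problems.append(f"{me.name}: tunnel network overlaps a LAN")
    if lan[server.name].overlaps(lan[client.name]):
        problems.append("LAN subnets overlap")
    return problems

# Constructed sample values, not the posters' real addressing.
BROKEN = (Side("server", "10.10.1.0/24", "10.99.0.0/30", "10.10.2.0/24"),
          Side("client", "10.10.2.0/24", "10.99.1.0/30", "10.10.2.0/24"))
FIXED = (BROKEN[0],
         Side("client", "10.10.2.0/24", "10.99.0.0/30", "10.10.1.0/24"))

if __name__ == "__main__":
    for label, pair in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_pair(*pair) or "ok")
```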

  • On the second line of the logs .. it seems it is showing an authentication/decryption error. Check your entire pre-shared keys. Your conf still shows routes to be pushed. I would also save everything again … then reboot both sides.  I hope that you have the allow rule on both sides.

  • Also-

    In your OpenVPN rules put your addresses etc…

    Your LAN rules have a lot of redundant rules.    The ANY ANY rule pretty much does it...

    What version of pfSense are you running?    I haven't had a client side openvpn gateway since 2.0.1 came out...

    Shouldn't have one on the server side...


    lport 1194

    Yours (client side) is different from mine…    I don't think yours took...
