    Site 2 Site (S2S) tunnel up, but no traffic

    OpenVPN
    • hyperbart

      Hi!

      For a lab environment a friend and I installed a pfSense appliance at home to provide a S2S VPN between our homes.

      He has a network 192.168.5.0/24
      I have a network 192.168.6.0/24

      And in between (the tunnel itself) is a network 10.0.0.0/24 (way too big, we know, but doesn't matter for now, we'll change it to /30 when the tunnel is up ;) ).

      In the status page we can both see that the tunnel is UP.

      I am the server, he's the client. We can each ping our end of the tunnel, but not the other end of the tunnel OR the remote network.
      I filled in the remote network, he did also.

      I created a rule in my WAN-rules:
      TCP/UDP
      source *
      port *
      destination *
      port 1194
      gateway *

      And in the OpenVPN leaf/tab:
      TCP/UDP
      source *
      port *
      dest *
      port *
      gateway *

      So from my point of view, traffic between my network and his should be allowed.

      Are we missing something?

      • phil.davis

        As long as you put the right networks in Local Network and Remote Network (and they are the correct way around from the point of view of the end you are at), OpenVPN will add routes for you. Use Diagnostics->Routes to see what routes you have at each end.
        And I just noticed your rules are TCP+UDP only - for ping you will need to allow ICMP. The easy way is to change the TCP+UDP to any, then any other more obscure IP protocols can also pass.


        • marvosa

          You shouldn't have had to create any rules… especially on the WAN side... the wizard should've taken care of that.  Do this on both sides:

          On the wan tab, pick a protocol, don't add both (unless you have a specific need for TCP, use UDP)... and the destination should be "WAN address":

          UDP|*| *| WAN address | 1194 (OpenVPN)| *

          On the OpenVPN tab, change your protocol to any:

          *| *| *| *| *| *

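A small first-match rule evaluator, added here as an illustration and not code from the thread or from pfSense, that models the rule sets posted above as (protocol, source, source port, destination, destination port) tuples with an implicit default deny. The WAN address and host addresses are constructed placeholders. It shows why the TCP/UDP-only rule on the OpenVPN tab drops ping while the "any" rule passes it, and how restricting the WAN rule to UDP and "WAN address" narrows what the original rule let in.

```python
import ipaddress

ICMP, TCP, UDP = 1, 6, 17
ANY = "*"

# Constructed placeholders (assumptions): the server's public WAN address,
# the client's public address, and one host on each LAN from the thread.
WAN_ADDRESS = "203.0.113.10"
CLIENT_PUBLIC = "198.51.100.7"
MY_LAN_HOST, HIS_LAN_HOST = "192.168.6.10", "192.168.5.10"

def _field_matches(want, have):
    """One rule field against one packet field; '*' matches anything."""
    if want == ANY:
        return True
    if isinstance(want, set):       # protocol set, e.g. {TCP, UDP}
        return have in want
    if isinstance(want, int):       # port number
        return have == want
    return ipaddress.ip_address(have) in ipaddress.ip_network(want)

def evaluate(rules, pkt):
    """First-match pass over (proto, src, sport, dst, dport) tuples with an
    implicit default deny, mirroring a pfSense interface tab."""
    keys = ("proto", "src", "sport", "dst", "dport")
    for rule in rules:
        if all(_field_matches(w, pkt[k]) for w, k in zip(rule, keys)):
            return "pass"
    return "block"

# Rule sets as posted in the first message.
WAN_ORIGINAL = [({TCP, UDP}, ANY, ANY, ANY, 1194)]
OVPN_ORIGINAL = [({TCP, UDP}, ANY, ANY, ANY, ANY)]
# Rule sets as recommended in the last reply.
WAN_FIXED = [({UDP}, ANY, ANY, WAN_ADDRESS + "/32", 1194)]
OVPN_FIXED = [(ANY, ANY, ANY, ANY, ANY)]

def ping_across_tunnel(ovpn_rules):
    """ICMP echo from my LAN to his LAN, arriving on the OpenVPN interface."""
    pkt = {"proto": ICMP, "src": MY_LAN_HOST, "sport": None,
           "dst": HIS_LAN_HOST, "dport": None}
    return evaluate(ovpn_rules, pkt)

def tunnel_handshake(wan_rules, proto, dst):
    """Client's OpenVPN packet to port 1194 arriving on the server's WAN."""
    pkt = {"proto": proto, "src": CLIENT_PUBLIC, "sport": 51000,
           "dst": dst, "dport": 1194}
    return evaluate(wan_rules, pkt)
```

The original WAN rule also passes TCP and any destination, so the tightened version is what a least-privilege WAN tab should look like once the tunnel is confirmed working.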