Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Site-to-Site works but I cannot access the connected subnet

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      amorph
      last edited by

      Hi, I got a remote network (192.168.10.0) that I want to connect to from home. My Home-Network is 192.168.2.0. I configured pfSense on both sides using this https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0) howto. OpenVPN is connecting but I cannot connect to any computer of the remote network from my home network. Pinging 192.168.10.1 from a computer (e.g. 192.168.2.2) connected to my home pfSense network fails within my home network, BUT it works from my pfSense-Home-Network-Computer directly. Can someone help me? What do I have to insert as "Remote Network", "Tunnel Network" in the servers's OpenVPN config and what do I have to use as "Remote Network" in the client's OpenVPN settings? Do I have to create a NAT rule or a route?

      Thanks a LOT!

      1 Reply Last reply Reply Quote 0
      • ?
        Guest
        last edited by

        What do you see under "Firewall" -> "NAT" -> "Oubound" ?

        1 Reply Last reply Reply Quote 0
        • A
          amorph
          last edited by

          I see Mode "Automatic outbound NAT rule generation (IPsec passthrough included)" selected and no mappings.

          1 Reply Last reply Reply Quote 0
          • ?
            Guest
            last edited by

            I switched to manual and if there is no rule for the remote subnet, add one.

            ![nat openvpn.jpg_thumb](/public/imported_attachments/1/nat openvpn.jpg_thumb)
            ![nat openvpn.jpg](/public/imported_attachments/1/nat openvpn.jpg)

            1 Reply Last reply Reply Quote 0
            • ?
              Guest
              last edited by

              …btw you have a PASS rule for the firewall on the openVPN , or? (NAT and firewall rule on BOTH sides of the tunnel, of course)

              1 Reply Last reply Reply Quote 0
              • A
                amorph
                last edited by

                I added a manual rule for the remote subnet (wich is 192.168.10.0/24) (see attachment).
                I also added an OpenVPN Rule (see second attachment). Unfortunately it is still not working.

                ![Screen Shot 2014-09-02 at 11.44.33.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.33.png)
                ![Screen Shot 2014-09-02 at 11.44.33.png_thumb](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.33.png_thumb)
                ![Screen Shot 2014-09-02 at 11.44.47.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.47.png)
                ![Screen Shot 2014-09-02 at 11.44.47.png_thumb](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.47.png_thumb)

                1 Reply Last reply Reply Quote 0
                • ?
                  Guest
                  last edited by

                  …on BOTH sides of the tunnel added?

                  I have TCP/UDP and ICMP allowed for the tunnel, dunno if that makes a difference.

                  Show us your openVPN log for the connection and check in firewall logs on both sides that nothing is blocked.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.