Site-to-Site works but I cannot access the connected subnet



  • Hi, I got a remote network (192.168.10.0) that I want to connect to from home. My Home-Network is 192.168.2.0. I configured pfSense on both sides using this https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0) howto. OpenVPN is connecting but I cannot connect to any computer of the remote network from my home network. Pinging 192.168.10.1 from a computer (e.g. 192.168.2.2) connected to my home pfSense network fails within my home network, BUT it works from my pfSense-Home-Network-Computer directly. Can someone help me? What do I have to insert as "Remote Network", "Tunnel Network" in the server's OpenVPN config and what do I have to use as "Remote Network" in the client's OpenVPN settings? Do I have to create a NAT rule or a route?

    Thanks a LOT!



  • What do you see under "Firewall" -> "NAT" -> "Outbound"?



  • I see Mode "Automatic outbound NAT rule generation (IPsec passthrough included)" selected and no mappings.



  • I switched to manual and if there is no rule for the remote subnet, add one.

    ![nat openvpn.jpg](/public/imported_attachments/1/nat openvpn.jpg)



  • …btw you have a PASS rule for the firewall on the OpenVPN, or? (NAT and firewall rule on BOTH sides of the tunnel, of course)



  • I added a manual rule for the remote subnet (which is 192.168.10.0/24) (see attachment).
    I also added an OpenVPN Rule (see second attachment). Unfortunately it is still not working.

    ![Screen Shot 2014-09-02 at 11.44.33.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.33.png)
    ![Screen Shot 2014-09-02 at 11.44.47.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.47.png)



  • …on BOTH sides of the tunnel added?

    I have TCP/UDP and ICMP allowed for the tunnel, dunno if that makes a difference.

    Show us your OpenVPN log for the connection and check in firewall logs on both sides that nothing is blocked.