Site-to-Site works but I cannot access the connected subnet
-
Hi, I got a remote network (192.168.10.0) that I want to connect to from home. My Home-Network is 192.168.2.0. I configured pfSense on both sides using this https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0) howto. OpenVPN is connecting but I cannot connect to any computer of the remote network from my home network. Pinging 192.168.10.1 from a computer (e.g. 192.168.2.2) connected to my home pfSense network fails within my home network, BUT it works from my pfSense-Home-Network-Computer directly. Can someone help me? What do I have to insert as "Remote Network", "Tunnel Network" in the server's OpenVPN config and what do I have to use as "Remote Network" in the client's OpenVPN settings? Do I have to create a NAT rule or a route?
Thanks a LOT!
-
What do you see under "Firewall" -> "NAT" -> "Outbound"?
-
I see Mode "Automatic outbound NAT rule generation (IPsec passthrough included)" selected and no mappings.
-
I switched to manual and if there is no rule for the remote subnet, add one.
![nat openvpn.jpg](/public/imported_attachments/1/nat openvpn.jpg)
-
…btw you have a PASS rule for the firewall on the OpenVPN, or? (NAT and firewall rule on BOTH sides of the tunnel, of course)
-
I added a manual rule for the remote subnet (which is 192.168.10.0/24) (see attachment).
I also added an OpenVPN Rule (see second attachment). Unfortunately it is still not working.
![Screen Shot 2014-09-02 at 11.44.33.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.33.png)
![Screen Shot 2014-09-02 at 11.44.47.png](/public/imported_attachments/1/Screen Shot 2014-09-02 at 11.44.47.png)
-
…on BOTH sides of the tunnel added?
I have TCP/UDP and ICMP allowed for the tunnel, dunno if that makes a difference.
Show us your OpenVPN log for the connection and check in firewall logs on both sides that nothing is blocked.