Site to site configuration fight
Hi all,
Here is the situation:
I have 2 offices to link.
For the moment, each workstation in Office B is mounting a VPN session with Office A to work, but it's not efficient.
So, I installed a pfSense box there and connected the OpenVPN client to Office A. Here is the setup:
Users are sharing the same cert but have an AUTH/PASSW to connect to the VPN.
Once connected, from the pfSense shell I can ping all the machines on LAN A without problem!
But when I try to access LAN A from a workstation on LAN B, the only server that is answering is the Ubuntu OpenVPN server (ETH0 and TUN0). I can ping it but not the Windows SRV.
Here is the OpenVPN Server conf:
Ubuntu with OpenVPN 2.1 Server
ETH0 : 192.168.1.4
TUN0 : 10.8.0.1

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
client-config-dir ccd
route 192.168.5.0 255.255.255.0 10.8.0.2
push "dhcp-option DNS 192.168.1.4"
push "dhcp-option WINS 192.168.1.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
username-as-common-name
status openvpn-status-tcp.log
log-append /var/log/openvpn-tcp.log
verb 3
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
In the ccd conf for the client I added:
iroute 192.168.5.0 255.255.255.0
From my LAN B, when I try to ping the Windows server, I can see the ping query with a tcpdump on the OpenVPN server, but the ping reply gets lost somewhere! Don't know where!
As I'm a bit lost after all the stuff I tried, maybe you have an idea?
Many thanks in advance