Site to site configuration fight



  • Hi all,

    Here is the situation:
    I have 2 offices to link.
    For the moment, each workstation in Office B is mounting a VPN session with Office A to work, but it's not efficient.
    So, I installed a pfSense box there and connected the OpenVPN client to Office A.

    Here is the setup

    Users are sharing the same cert but have an AUTH/PASSW to connect to the VPN.
    Once connected, from the pfSense shell I can ping all the machines on LAN A without a problem!
    But when I try to access LAN A from a workstation on LAN B, the only server that answers is the Ubuntu OpenVPN server (ETH0 and TUN0). I can ping it but not the Windows SRV.

    Here is the OpenVPN Server conf

    
    Ubuntu with OpenVPN 2.1 Server
    ETH0 : 192.168.1.4
    TUN0 : 10.8.0.1
    
    port 1194
    proto tcp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 192.168.1.0 255.255.255.0"
    push "route 192.168.5.0 255.255.255.0"
    client-config-dir ccd
    route 192.168.5.0 255.255.255.0 10.8.0.2
    push "dhcp-option DNS 192.168.1.4"
    push "dhcp-option WINS 192.168.1.4"
    client-to-client
    duplicate-cn
    keepalive 10 120
    comp-lzo
    max-clients 100
    user nobody
    group nogroup
    persist-key
    persist-tun
    username-as-common-name
    
    status openvpn-status-tcp.log
    log-append         /var/log/openvpn-tcp.log
    verb 3
    plugin /usr/lib/openvpn/openvpn-auth-pam.so login
    
    

    In the ccd conf for the client I added:

    
     iroute 192.168.5.0 255.255.255.0
    
    

    From my LAN B, when I try to ping the Windows server, I can see the ping query with a tcpdump on the OpenVPN server, but the ping reply gets lost somewhere! I don't know where!

    As I'm a bit lost after all the stuff I tried, maybe you have an idea?

    Many thanks in advance