OpenVPN site-to-site TAP
-
Hello,
I created a site-to-site tunnel with OpenVPN in TAP mode between 2 pfSense appliances (the server v2.2 - 192.168.166.254 and the client v2.1.5 - 192.168.166.253). The tunnel comes up properly and the firewalls ping each other, but the traffic between my sites does not work. Can anyone help me??
-
nobody can help me ??
-
Post the ifconfig output for the relevant ovpn interface.
nobody can help me ??
Dude, bumping threads b/c no one replied in a whopping 3 hours?! ::)
-
Excuse me, but completely cut off from my VPN with 30 rabid users … I was really freaked out ...
-
Well, now that I have resolved the problem on my vpn…
On my site A, there are 3 PCs ( 192.168.166.189 - 191/24 ) and a firewall ( 192.168.166.253 )
On my site B, there are 3 PCs ( 192.168.166.200 - 202/24 ) and a firewall ( 192.168.166.254 ). I set up a VPN with OpenVPN using the TAP method between the two sites.
Firewall A pings firewall B, but the traffic from one PC to another on both sites doesn't work. In my firewall log nothing is blocked, the ARP table information is correct on each side, but there is no traffic between the two sites ... Can the /24 be the cause of my problem?
-
Using same LAN subnets on both sites? Time to start from scratch.
-
Please excuse my ignorance, but I followed the topic https://forum.pfsense.org/index.php?topic=38605.0 and it doesn't talk about creating subnets
-
What are you doing that you need a bridged setup? Post the config from both sides. Post the firewall rules from the LAN, Openvpn and the Bridged interface tabs on both sides.
-
There are some notes in this thread: https://forum.pfsense.org/index.php?topic=84419.msg462943#msg462943
-
I have found nothing that resolves my problem
-
If you are doing this to prevent renumbering your network, maybe you should just do 1 to 1 NAT on both ends.
-
I have found nothing that resolves my problem
I just went through the procedure in the thread I linked earlier on two 2.2.1 boxes and it worked fine, or rather well enough for me to get in and fix a problem preventing a remote host from routing out correctly. If you are still having problems, I suggest you look over that and then post some specifics of your config.