Open VPN Site to Multi Site Only works to 1 of the 2 sites
-
So this is the first time I am using openVPN to connect multiple sites. This is the basic layout. I am able to ping across the 1194 link but get no response on the 1199 link. I do see the the packets coming in….
192.168.0.1/24 <---------------------------------------> 192.168.10.0/24 <---------------------------------------------> 192.168.0.0/24
Port 1199 192.168.30.0/24 192.168.11.0/24 Port1194
CAN'T Ping CAN Ping
I have checked all FW rules and routes and they look the same for both sides…
What am I missing?
-
What are the rules on all of the OpenVPN tabs?
When connections come INTO pfSense, there needs to be a rule on that host's VPN tab passing that traffic.
And the virtual interfaces are only part of the picture. What are all the LAN subnets at each site?
-
All OVPN have an Any - Any rule in them
sites are
192.168.0.1 - Lan /Remote client/Can't Ping
192.168.10.1 - Lan / Server/Main Site
192.168.1.1 - Lan / Remote Client/ Can Ping -
All OVPN have an Any - Any rule in them
sites are
192.168.0.1 - Lan /Remote client/Can't Ping
192.168.10.1 - Lan / Server/Main Site
192.168.1.1 - Lan / Remote Client/ Can PingCan't ping what? You can't ping the OpenVPN tunnel addresses in most cases. They're not really interfaces and aren't running an ICMP stack.
-
I can' ping the 192.168.0.1 Lan interface on the other end of the OpenVPN tunnel. In the case of the side that I can ping, I can ping the 192.168.11.1&2 the tunnel addresses
-
You need to make sure a route for 192.168.0.0/24 is being pushed out to the remote client.
You need to make sure a route for 192.168.1.0/24 is being pushed to the other remote client.You need to make sure that OpenVPN firewall rules on the main site and the 192.168.1.1 site pass the traffic.
