Site-to-Site VPN Connectivity Help
  • Hello!

    Scouring the forums has revealed more understanding; however, I feel a post still needs to be made.

    I was handed off a task to understand why the VPN setup we have reaches the Remote PFSense, but not the Network Resources beyond (Can ping PFSense Interface IPs, but not Servers beyond Remote Network). Common issue I know.

    Client Site:
    EnGenius Wireless Router
    VPN type IPSec:
    Local Address: 172.16.25.0/24
    Remote Address: 192.168.0.0/22
    Gateway: pfSense

    Remote Site:
    pfSense
    Local Address: 192.168.0.0/22
    WAN Interface: 192.168.1.16

    Rules in Place:
    WAN:
    IPv4 Source:*, Port: *, Destination: *, Port: , Gateway:

    IPSec: any IPv4, Any Source, Any Port, Any Destination, Any Gateway

    NAT set to Automatic Rules

    Attached is a pfctl -sa text file. Please bombard me with all the questions and I will hope to be able to answer them.

    ** I should note that I do not have access to the Managed Switch that the PFSense is sitting behind (my assumption).



  • LAYER 8 Netgate

    192.168.0.0/22 conflicts with 192.168.1.16 on WAN (presumably /24). You can't do that.

    And your pass any any rule on WAN is bad news. Delete it. With that in place you can just use the internet and don't need a VPN.

    Why is this in OpenVPN if you're using IPsec?
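A small checker for the two problems the reply points out (a Phase 2 network that overlaps the WAN subnet, and a pass-any-any rule on WAN), added here as an example and not code from pfSense or either poster; it reuses the addresses from the post and assumes, as the reply does, that the WAN is a /24.

```python
from ipaddress import ip_interface, ip_network


def check_phase2(local_net, remote_net, wan_addr):
    """Flag IPsec Phase 2 networks that collide with each other or with the
    WAN interface's own subnet. Returns a list of findings; empty means clean.
    local_net/remote_net are the P2 networks as seen from the pfSense side,
    wan_addr is the WAN address with its prefix length."""
    local, remote = ip_network(local_net), ip_network(remote_net)
    wan = ip_interface(wan_addr).network
    findings = []
    if local.overlaps(remote):
        findings.append(f"P2 local {local} overlaps P2 remote {remote}")
    for label, net in (("local", local), ("remote", remote)):
        if wan.overlaps(net):
            # Any address inside the WAN's connected subnet is ambiguous:
            # it may be a WAN neighbour or a host the tunnel should reach,
            # so that part of the P2 network can never work reliably.
            findings.append(f"WAN subnet {wan} overlaps P2 {label} {net}")
    return findings


def check_wan_rules(rules):
    """Return WAN pass rules with wildcard source and destination, i.e. the
    'pass any any' rule the reply says to delete."""
    return [r for r in rules
            if r["iface"] == "wan" and r["action"] == "pass"
            and r["src"] == "*" and r["dst"] == "*"]


# Constructed from the rules quoted in the post (fields pfSense shows as *).
POST_RULES = [
    {"iface": "wan", "action": "pass", "src": "*", "dst": "*"},
    {"iface": "ipsec", "action": "pass", "src": "*", "dst": "*"},
]

if __name__ == "__main__":
    # 192.168.0.0/22 is the pfSense-side local network, 172.16.25.0/24 the
    # EnGenius site; the /24 on the WAN address is the reply's assumption.
    for f in check_phase2("192.168.0.0/22", "172.16.25.0/24", "192.168.1.16/24"):
        print("finding:", f)
    for r in check_wan_rules(POST_RULES):
        print("overly permissive:", r)
```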