    Netgate Discussion Forum
    Site-to-Site VPN Connectivity Help

    OpenVPN
    • simple1689

      Hello!

      Scouring the forums has revealed more understanding; however, I feel a post is still to be made.

      I was handed off a task to understand why the VPN setup we have reaches the Remote pfSense, but not the Network Resources beyond (Can ping pfSense Interface IPs, but not Servers beyond Remote Network). Common issue, I know.

      Client Site:
      EnGenius Wireless Router
      VPN type IPSec:
      Local Address: 172.16.25.0/24
      Remote Address: 192.168.0.0/22
      Gateway: pfSense

      Remote Site:
      pfSense
      Local Address: 192.168.0.0/22
      WAN Interface: 192.168.1.16

      Rules in Place:
      WAN:
      IPv4 Source:*, Port: *, Destination: *, Port: , Gateway:

      IPSec: any IPv4, Any Source, Any Port, Any Destination, Any Gateway

      NAT set to Automatic Rules

      Attached is a pfctl -sa text file. Please bombard me with all the questions and I will hope to be able to answer them.

      ** I should note that I do not have access to the Managed Switch which the pfSense is sitting behind (my assumption).

      pfSense.txt

      • Derelict (LAYER 8, Netgate)

        192.168.0.0/22 conflicts with 192.168.1.16 on WAN (Presumably /24).  You can't do that.

        And your pass any any rule on WAN is bad news.  Delete it.  With that in place you can just use the internet and don't need a VPN.

        Why is this in OpenVPN if you're using IPsec?

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

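Added example (not part of the thread and not pfSense code): a small Python check for the kind of overlap the reply points out, where an interface subnet falls inside an IPsec Phase 2 selector. The function name, the `inside` parameter and the data layout are assumptions for illustration; the WAN /24 prefix is the reply's presumption, not a confirmed value.

```python
import ipaddress

def selector_overlaps(interfaces, selectors, inside=("LAN",)):
    """Find interface subnets that collide with IPsec Phase 2 selectors.

    interfaces: {name: "address/prefix"} of the firewall's own interfaces.
    selectors:  {"local": cidr, "remote": cidr} as seen from that firewall.
    inside:     interfaces expected to sit within the local selector.
    Returns (interface, subnet, selector, remainder) tuples, where remainder
    is what is left of the selector once the colliding subnet is carved out.
    """
    findings = []
    for name, cidr in interfaces.items():
        subnet = ipaddress.ip_interface(cidr).network
        for which, sel_cidr in selectors.items():
            sel = ipaddress.ip_network(sel_cidr)
            if not subnet.overlaps(sel):
                continue
            if which == "local" and name in inside:
                continue  # the LAN is supposed to be inside the local selector
            if subnet != sel and subnet.subnet_of(sel):
                remainder = sorted(sel.address_exclude(subnet))
            else:
                remainder = []  # the subnet covers the whole selector
            findings.append(
                (name, str(subnet), which, [str(n) for n in remainder])
            )
    return findings

# Values from the thread, seen from the remote-site pfSense.
# The /24 on WAN is presumed in the reply, so it is an assumption here too.
PAGE_INTERFACES = {"WAN": "192.168.1.16/24"}
PAGE_SELECTORS = {"local": "192.168.0.0/22", "remote": "172.16.25.0/24"}

# Constructed non-conflicting layout for comparison (documentation addresses).
CLEAN_INTERFACES = {"WAN": "203.0.113.10/24", "LAN": "192.168.0.1/22"}

if __name__ == "__main__":
    for name, subnet, which, rest in selector_overlaps(PAGE_INTERFACES,
                                                       PAGE_SELECTORS):
        print(f"{name} subnet {subnet} overlaps the {which} selector; "
              f"non-overlapping part: {', '.join(rest) or 'none'}")
```
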