Data passing in one direction only, static site to site VPN
-
Are you using Windows machines on the client LAN?
Have you made sure the Windows firewall(s) aren't blocking traffic?
-
Yes, Windows machine, but I'm primarily trying to get into the other pfSense box (the client's). But point well taken regarding Windows. I have one Windows machine, one pfSense, one access point and that's it. Can't get into any of them.
-
Adding what's in the NAT outbound table, if helpful:
-
Anybody know where auto-NAT would be picking up those /30 and /32 networks? That's certainly oddball.
-
Hmmmm, I'm with Derelict, there's at least some weird leftovers from something else going on here (or we're missing some other info).
It might be worth taking a copy of your current config and resetting to default, then adding back the pieces you have configured one at a time to try and diagnose what's causing the grief.
If you add back DHCP, then OpenVPN (in that order), you can isolate the problem pretty quickly.
Barring that, you're stuck adding firewall rules that log particular traffic to see what's happening.
In general I would aim for simplifying your setup rather than adding more rules/NAT/etc.
The hardest part of OpenVPN S2S links, in my experience, is getting the keys and tunnels configured correctly.
The only associated rule you typically need is an "Allow all" on the OpenVPN interface (do you have that?).
Once you have a tunnel up and traffic passing, it's typically a "fire and forget" setup; they just work. Can you post your Firewall->Rules for the WAN, LAN, and OpenVPN tabs?
-
The 192.168.1.18x series of addresses are PPTP addresses hardcoded to specific client logins.
Correction, 188 is a hardcoded PPTP address. My PPTP range is .180-.188, so I don't really know what's up with those.
-
Says it's connected. This is the ovpn status at the server.
-
Haven't done anything on the client for pass rules.
For the server to connect to client assets there needs to be pass rules on the OpenVPN tab or Assigned interface tab on the client letting the traffic in from server's LAN.
-
Ok this must be it then, because I didn't do anything special on the client side. Will have to wait to go over there and do it.
-
Sorry folks, it was the firewall rules. On the client side I had to put allow-all rules into the OpenVPN firewall tab. It was already done at the server by virtue of being the server and whatever guide I read. Thanks for the advice.
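A small check for the point the thread lands on (a pass rule on the client's OpenVPN tab), added here as an example and not taken from the thread or from pfSense itself: it parses a constructed, `pfctl -sr` style rule list and walks pfSense's first-match ("quick") logic to show why a server-LAN host is dropped on the client's OpenVPN interface until that rule exists. The interface names (em0, em1, openvpn), the 192.168.2.0/24 client LAN and the 203.0.113.5 WAN address are assumptions, and aliases and ports are not modelled.

```python
import ipaddress
import re

# Constructed sample modelled on `pfctl -sr` output (not captured from the poster's boxes);
# interface names and networks are assumptions for illustration only.
CLIENT_RULES = """\
block drop in log all label "Default deny rule IPv4"
pass in quick on em1 inet from 192.168.2.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN"
pass in quick on em0 inet proto udp from any to 203.0.113.5 port = 1194 keep state label "USER_RULE: OpenVPN"
"""
# The rule the thread ended up needing on the client's OpenVPN tab (allow the server LAN in).
FIX_RULE = 'pass in quick on openvpn inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Allow server LAN"\n'

RULE_RE = re.compile(
    r'^(?P<action>pass|block)(?: drop)? (?P<dir>in|out)(?: log)?(?: quick)? on (?P<iface>\S+)'
    r'(?: inet6?)?(?: proto \S+)? from (?P<src>\S+) to (?P<dst>\S+)')

def parse_rules(text):
    """Parse interface-bound rules; the catch-all 'block ... all' line is modelled as the fallback."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        label = re.search(r'label "([^"]*)"', line)
        rules.append({**m.groupdict(), "label": label.group(1) if label else ""})
    return rules

def _matches(spec, addr):
    """'any' matches everything; otherwise treat the spec as a host or CIDR network."""
    if spec == "any":
        return True
    try:
        return addr in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False  # aliases/tables are not expanded in this simplified model

def evaluate_inbound(rules, iface, src, dst):
    """pfSense rules are 'quick': the first matching pass/block wins, otherwise default deny.
    Ports are ignored because the thread's question is interface-level reachability."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["dir"] == "in" and r["iface"] == iface and _matches(r["src"], src) and _matches(r["dst"], dst):
            return r["action"], r["label"]
    return "block", "Default deny rule IPv4"

if __name__ == "__main__":
    server_host, client_host = "192.168.1.50", "192.168.2.10"  # assumed hosts on each LAN
    before = evaluate_inbound(parse_rules(CLIENT_RULES), "openvpn", server_host, client_host)
    after = evaluate_inbound(parse_rules(CLIENT_RULES + FIX_RULE), "openvpn", server_host, client_host)
    print("before fix:", before, "after fix:", after)
```

On a real box, feed `pfctl -sr` output into `parse_rules` and look for an entry with `iface == "openvpn"` (or the assigned interface's name) before assuming the tunnel itself is at fault.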