PfSense and MikroTik site-to-site OpenVPN
I'm trying to use pfSense 2.2.4 as a gateway and OpenVPN server in the main office and MikroTik as a gateway and OpenVPN client in the remote office.
Network in main office: 192.168.120.0/24
Network in remote office: 192.168.143.0/24
Tunnel network: 10.0.8.0/24
I have a fresh pfSense with the default configuration and an OpenVPN server in Peer to Peer (SSL/TLS) mode with Client Specific Overrides configured for the remote MikroTik.
The OpenVPN tunnel is established, but I cannot ping any hosts on the other end of the tunnel.
When I try to run traceroute, it gets stuck on the first hop.
This is my server config:
keepalive 10 60
server 10.0.8.0 255.255.255.0
ifconfig 10.0.8.1 10.0.8.2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'GW01+OpenVPN+Server' 1 "
management /var/etc/openvpn/server1.sock unix
push "route 192.168.120.0 255.255.255.0"
route 192.168.143.0 255.255.255.0
This is the Client Specific Override configuration file:
iroute 192.168.143.0 255.255.255.0
I see the pushed routes on the MikroTik, but none of them work.
When I connect that MikroTik to another OpenVPN server based on Debian, everything works and I can ping any host on either side of the tunnel, so I think that I have missed something in the pfSense configuration.
Any ideas why it's not working?
Many thanks in advance.
![OpenVpn server.PNG](/public/imported_attachments/1/OpenVpn server.PNG)
![Client Specific Override.PNG](/public/imported_attachments/1/Client Specific Override.PNG)
![OpenVPN status.PNG](/public/imported_attachments/1/OpenVPN status.PNG)
![Routing Table.PNG](/public/imported_attachments/1/Routing Table.PNG)
MikroTik routing table
![MikroTik Routing Table.JPG](/public/imported_attachments/1/MikroTik Routing Table.JPG)
tkriviradev last edited by
Could you please provide me with a how-to document?
I am completely lost. How did you achieve site-to-site between pfSense and MikroTik?
I am trying to do the same but without any luck.
I was following this guide: https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_%28SSL%29
But after that I am a bit lost. I don't know what to do…
Thank you in advance!
Hi taras, it seems like the routing table on the pfSense is trying to send traffic to 10.0.8.2, as the routing table is showing (last line), but your endpoint client is receiving the IP address 10.0.8.6; maybe that is the problem.
These are the tunnel IP interfaces:
ifconfig 10.0.8.1 10.0.8.2 -> real 10.0.8.6
Maybe the 20 max client setup is the cause. If the setup is PTP, maybe changing this field may help. Or try to force the IP of the VPN client to 10.0.8.2.
The MikroTik is receiving the IP address 10.0.8.6 and sending traffic to 10.0.8.1, which is OK, but the 10.0.8.6 IP is not OK.
The MikroTik OpenVPN doesn't support the full features and options of OpenVPN itself!
MikroTik RouterOS only supports OpenVPN with TCP but not UDP! This could be the hint in this game, as I see it.
I really don't know where, but there is an option to set up "use TCP only" that must be chosen.
Tunnel is up, no traffic between sites. I think it is a routing issue.
Tunnel is up,
Why not?
I have 8 remote MikroTik routers with a TCP tunnel, no problem.
acriollo, can you help me set up an OpenVPN server in pfSense and a MikroTik OpenVPN client?
I can't get mine working…
Thanks in advance.