OpenVPN Site-to-Site not routing from Clients



  • I have the OpenVPN setup and working fine for individual computers that remotely connect.  I am trying to get the VPN working so that all of the clients at a remote office can connect.  The client router connects but the traffic will not route.  I can log into the client-side pfSense box and ping devices on the main site fine, but clients at the remote site are not routing traffic over the VPN.  Because it's working fine for an individual computer to connect and it's working on the remote VPN, I am sure there is something simple I am missing. HELP!

    Main office is 192.168.2.0/24 & 192.168.3.0/24
    remote office is 192.168.0/24

    netstat -r on remote pfSense
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            XX-XX-1-XX.XX.wi UGS        bge0
    XX.XX.60.0/22      link#2            U          bge0
    d14-69-162-62.try. link#2            UHS        lo0
    localhost          link#8            UH          lo0
    192.168.1.0        link#3            U          bge1
    pfSense            link#3            UHS        lo0
    192.168.2.0        192.168.70.1      UGS      ovpnc1
    192.168.3.0        192.168.70.1      UGS      ovpnc1
    192.168.70.0      192.168.70.2      UGS      ovpnc1
    192.168.70.1      link#10            UH      ovpnc1
    192.168.70.2      link#10            UHS        lo0

    Server Side Setup

    The client side VPN is all default

    Client Side Firewall



  • try filling in the tunnel network



  • I have tried it with the tunnel filled in, I have tried it with adding the routes for the other network.  Either way I can only ping the clients at the main site via the pfSense box and not from the clients at the remote site.



  • Is this a Shared key or SSL/TLS setup?



  • Shared key.  Here is the log from the remote / client side when connecting.  I can ssh into the remote box and once OpenVPN connects I can ping clients from both sides of the network, I just cannot get the clients on the remote site to see the clients at the main office.



  • @lawrencesystems:

    I just cannot get the clients on the remote site to see the clients at the main office.

    What do you mean? If you can ping from both sides, then there shouldn't be any issues (unless you allow ICMP, but block everything else).

    If this is about "Windows neighborhood network": it doesn't route, it only broadcasts.
    Set up proper DNS.

    If you want to send broadcasts over your VPN you need a different type of setup: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
    ^^^^
    Don't do it, broadcasts waste too much precious bandwidth.



  • I can ping / access the main site's LAN devices from the remote pfSense box.  But NONE of the clients on the remote site can reach clients on the main site.


  • @lawrencesystems:

    I can ping / access the main site's LAN devices from the remote pfSense box.  But NONE of the clients on the remote site can reach clients on the main site.

    What do you mean by "reach"?  What are you trying to do?


  • @Derelict:

    What do you mean by "reach"?

    Most likely "I'm pinging and the Windows firewall is silently blocking that…"



  • The clients that I am reaching are Linux boxes and I can ping them fine from the remote pfSense box once the VPN connects.  The clients at the remote site that are behind the connected pfSense box cannot ping / reach clients on the other side at the main site.



  • check fw rules on their respective LAN-tabs
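The two things the thread points at, the routing table quoted in the first post and the per-interface firewall rules in the last reply, can be checked together with a small model. The following is an added example, not code from the thread or from pfSense: it parses BSD `netstat -r` output (FreeBSD omits the netmask when it equals the classful default, so `192.168.2.0` is read as /24), does a longest-prefix route lookup, and evaluates a simplified pfSense-style rule list (rules on the ingress interface, top to bottom, first match wins, implicit deny). It then traces one LAN client's packet in each direction. The remote table is the one from the thread; the main-office table, the interface names `em0`/`em1`/`em2`/`ovpns1`, and all rule sets are constructed assumptions. A ping from the pfSense box itself sources from its tunnel address and never crosses the LAN tab rules, which is why that test succeeding says little about the path a LAN client's packet takes.

```python
import ipaddress

# Constructed input: the remote pfSense 'netstat -r' table quoted in the thread
# (masked 'XX' rows and hostname rows are skipped by the parser).
REMOTE_NETSTAT = """\
Destination        Gateway            Flags      Netif Expire
default            XX-XX-1-XX.XX.wi   UGS        bge0
192.168.1.0        link#3             U          bge1
pfSense            link#3             UHS        lo0
192.168.2.0        192.168.70.1       UGS        ovpnc1
192.168.3.0        192.168.70.1       UGS        ovpnc1
192.168.70.0       192.168.70.2       UGS        ovpnc1
192.168.70.1       link#10            UH         ovpnc1
192.168.70.2       link#10            UHS        lo0
"""

# Assumed main-office table (not shown in the thread). Without a route for
# 192.168.1.0/24 into the tunnel, replies to remote LAN clients follow the
# default route out em0. Interface names em0/em1/em2/ovpns1 are assumptions.
MAIN_NETSTAT_BROKEN = """\
default            203.0.113.1        UGS        em0
192.168.2.0        link#2             U          em1
192.168.3.0        link#3             U          em2
192.168.70.0       192.168.70.2       UGS        ovpns1
"""
MAIN_NETSTAT_FIXED = MAIN_NETSTAT_BROKEN + \
    "192.168.1.0        192.168.70.2       UGS        ovpns1\n"

# Constructed rule sets modelled on pfSense's per-interface tabs:
# (ingress interface, action, source network, destination network).
REMOTE_RULES = [("bge1", "pass", "192.168.1.0/24", "0.0.0.0/0"),    # LAN tab
                ("ovpnc1", "pass", "0.0.0.0/0", "0.0.0.0/0")]        # OpenVPN tab
MAIN_RULES = [("em1", "pass", "192.168.2.0/24", "0.0.0.0/0"),
              ("ovpns1", "pass", "0.0.0.0/0", "0.0.0.0/0")]


def classful_prefix(addr):
    """FreeBSD netstat omits the mask when it equals the classful default."""
    first = int(addr) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_netstat(text):
    """Return (network, gateway, interface) triples; non-IPv4 rows are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] in ("Destination", "Internet:"):
            continue
        dest, gw, flags, netif = parts[:4]
        try:
            if dest == "default":
                net = ipaddress.IPv4Network("0.0.0.0/0")
            elif "/" in dest:
                net = ipaddress.IPv4Network(dest, strict=False)
            elif "H" in flags:                       # host route
                net = ipaddress.IPv4Network(dest + "/32")
            else:
                addr = ipaddress.IPv4Address(dest)
                net = ipaddress.IPv4Network(f"{dest}/{classful_prefix(addr)}", strict=False)
        except ValueError:                           # hostnames, masked 'XX' rows
            continue
        routes.append((net, gw, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (network, gateway, interface) or None."""
    ip = ipaddress.IPv4Address(dst)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def firewall_allows(rules, iface, src, dst):
    """First matching rule on the ingress interface decides; no match means deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for r_if, action, r_src, r_dst in rules:
        if r_if == iface and s in ipaddress.IPv4Network(r_src) \
                and d in ipaddress.IPv4Network(r_dst):
            return action == "pass"
    return False


def trace(routes, rules, in_iface, src, dst, tunnel_if):
    """Verdict for one packet: it must pass ingress rules and leave via the tunnel."""
    if not firewall_allows(rules, in_iface, src, dst):
        return f"DROP: no pass rule on {in_iface} for {src} -> {dst}"
    r = lookup(routes, dst)
    if r is None:
        return f"DROP: no route to {dst}"
    net, gw, out_if = r
    if out_if != tunnel_if:
        return f"MISROUTED: {dst} matches {net} via {out_if}, not {tunnel_if}"
    return f"OK: {src} -> {dst} out {out_if} (route {net} gw {gw})"


if __name__ == "__main__":
    remote = parse_netstat(REMOTE_NETSTAT)
    # Remote LAN client 192.168.1.10 -> main office host 192.168.2.10, entering on LAN.
    print(trace(remote, REMOTE_RULES, "bge1", "192.168.1.10", "192.168.2.10", "ovpnc1"))
    # Same packet with an empty LAN tab: dropped before routing is even consulted.
    print(trace(remote, [], "bge1", "192.168.1.10", "192.168.2.10", "ovpnc1"))
    # The reply on the main-office box, with and without a route back to 192.168.1.0/24.
    for table in (MAIN_NETSTAT_BROKEN, MAIN_NETSTAT_FIXED):
        print(trace(parse_netstat(table), MAIN_RULES, "em1",
                    "192.168.2.10", "192.168.1.10", "ovpns1"))
```

Run it as-is to see the four verdicts; to check a real box, paste its `netstat -r` output into the table strings and its LAN and OpenVPN tab rules into the rule lists, then trace the exact source and destination that fails.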

