Problems with local connection in peer-to-peer OpenVPN on pfSense
Posted: Wed Sep 14, 2022 6:27 pm
Before I start describing the problem, I would like to say that I have been looking for a solution for a long time: I have watched videos, read articles and testimonials on various forums, and some colleagues have tried to help me.
I set up a site-to-site (OpenVPN) connection between two pfSense boxes to join two networks, a head office and a branch, so that each has access to the other's local network. The tunnel itself is fine: it comes up and the two ends ping each other. The client and its users can ping the server's local network without problems, but the server and its users cannot reach or ping the client's local network through the tunnel.
I tried some NAT rules, but without success. I'll post my whole setup so that someone can help me understand where I'm going wrong.
Server Settings
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.158.0.221
tls-server
server 10.54.54.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
ifconfig 10.54.54.1 10.54.54.2
lport 5454
management /var/etc/openvpn/server1/sock unix
push "route 10.111.0.0 255.255.255.0"
remote-cert-tls client
route 10.112.0.0 255.255.255.0
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
topology subnet
explicit-exit-notify 1
inactive 300
Client Settings
dev ovpnc1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.158.0.222
tls-client
client
lport 0
management /var/etc/openvpn/client1/sock unix
remote 10.158.0.221 5454 udp4
ifconfig 10.54.54.2 10.54.54.1
remote-cert-tls server
route 10.111.0.0 255.255.255.0
capath /var/etc/openvpn/client1/ca
cert /var/etc/openvpn/client1/cert
key /var/etc/openvpn/client1/key
tls-auth /var/etc/openvpn/client1/tls-auth 1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
resolv-retry infinite
topology subnet
explicit-exit-notify 1
Network System Image
Server Images: Firewall LAN, Firewall NAT, Firewall OpenVPN, Firewall WAN, pfTop at ping start, ping to client network
Client Images: Firewall NAT
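An added diagnostic for the situation described above (my own example script, not part of the original post and not pfSense code). The posted server config runs in multi-client mode (the `server` directive), and in that mode a `route` for a remote subnet only moves packets from the kernel into the OpenVPN process; a matching `iroute` in a client-config-dir (CSC) file is what tells OpenVPN which connected client owns the subnet, and without it the server side drops that traffic while the client side, which has a single peer, keeps working. The script parses a server config plus a set of CSC files and lists routed subnets that no client claims. The client certificate CN `branch-client` and the CSC contents are assumptions; the server config excerpt is taken from the post.

```python
"""Report OpenVPN remote subnets that are routed to the tunnel (route) but
claimed by no client (iroute in a client-config-dir file).

In multi-client mode both are required: 'route' hands the packet from the
kernel to OpenVPN, 'iroute' tells OpenVPN which client receives it.
"""
import ipaddress
import shlex


def parse_directives(text):
    """Split an OpenVPN config into (directive, [args]) pairs.

    Blank lines and '#'/';' comment lines are skipped; quoted arguments such as
    push "route 10.111.0.0 255.255.255.0" stay as a single argument.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives.append((parts[0], parts[1:]))
    return directives


def is_multi_client(directives):
    """True when the server uses 'server' or 'mode server' (multi-client)."""
    return any(name == "server" or (name == "mode" and args[:1] == ["server"])
               for name, args in directives)


def _network(args):
    """Build a network from OpenVPN's 'address [netmask]' argument form."""
    netmask = args[1] if len(args) > 1 else "255.255.255.255"
    return ipaddress.ip_network(f"{args[0]}/{netmask}", strict=False)


def remote_networks(directives):
    """Subnets the server sends into the tunnel via 'route'.

    Only the address and netmask matter; gateway/metric arguments and the
    vpn_gateway/net_gateway keywords are ignored.
    """
    return {_network(args) for name, args in directives
            if name == "route" and args and args[0][0].isdigit()}


def iroutes(csc_files):
    """Map each 'iroute' subnet to the CSC file (client CN) that claims it."""
    claimed = {}
    for client_name, text in csc_files.items():
        for name, args in parse_directives(text):
            if name == "iroute" and args:
                claimed[_network(args)] = client_name
    return claimed


def missing_iroutes(server_conf, csc_files):
    """Return routed subnets no client claims, as 'a.b.c.d/nn' strings.

    A point-to-point server (no 'server' directive) has exactly one peer, so
    OpenVPN needs no iroute there and the result is empty.
    """
    directives = parse_directives(server_conf)
    if not is_multi_client(directives):
        return []
    claimed = iroutes(csc_files)
    return sorted(str(net) for net in remote_networks(directives)
                  if net not in claimed)


# Excerpt of the server config from the post: multi-client mode, with the
# branch LAN 10.112.0.0/24 routed into the tunnel.
SERVER_CONF = """
server 10.54.54.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
push "route 10.111.0.0 255.255.255.0"
route 10.112.0.0 255.255.255.0
topology subnet
"""

# Constructed: no client-specific override at all (the situation described),
# versus one that claims the branch subnet for the client whose certificate
# CN is assumed to be "branch-client" (pfSense names the CSC file after the CN).
CSC_NONE = {}
CSC_FIXED = {"branch-client": "iroute 10.112.0.0 255.255.255.0\n"}

# Constructed point-to-point variant: single peer, no iroute needed.
P2P_CONF = """
ifconfig 10.54.54.1 10.54.54.2
route 10.112.0.0 255.255.255.0
"""

if __name__ == "__main__":
    for label, conf, csc in (("no CSC", SERVER_CONF, CSC_NONE),
                             ("with CSC", SERVER_CONF, CSC_FIXED),
                             ("p2p", P2P_CONF, CSC_NONE)):
        print(f"{label}: unclaimed subnets = {missing_iroutes(conf, csc)}")
```

On pfSense the CSC file is written from a Client Specific Override whose Common Name matches the client certificate and whose "Remote Networks" field lists the branch LAN; the script only flags the missing `iroute`, it does not check the OpenVPN-tab firewall rules, which must also allow the traffic on both ends.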