I set up a site-to-site (OpenVPN) configuration on pfSense to connect two networks, a headquarters to a branch, so that both have access to each other's local network. The connection is all OK, established and pinging each other. The client and its users can ping the server's local network smoothly, but the server and its users cannot access or ping the client's local network through the tunnel.
I tried some NAT rules, but without success. I'll post my whole setup to see if anyone can help me understand where I'm going wrong.
Server Settings
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.158.0.221
tls-server
server 10.54.54.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
ifconfig 10.54.54.1 10.54.54.2
lport 5454
management /var/etc/openvpn/server1/sock unix
push "route 10.111.0.0 255.255.255.0"
remote-cert-tls client
route 10.112.0.0 255.255.255.0
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
topology subnet
explicit-exit-notify 1
inactive 300
Client Settings
dev ovpnc1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 10.158.0.222
tls-client
client
lport 0
management /var/etc/openvpn/client1/sock unix
remote 10.158.0.221 5454 udp4
ifconfig 10.54.54.2 10.54.54.1
remote-cert-tls server
route 10.111.0.0 255.255.255.0
capath /var/etc/openvpn/client1/ca
cert /var/etc/openvpn/client1/cert
key /var/etc/openvpn/client1/key
tls-auth /var/etc/openvpn/client1/tls-auth 1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
resolv-retry infinite
topology subnet
explicit-exit-notify 1
[Screenshots attached: network diagram; server Firewall LAN, NAT, OpenVPN and WAN rules; pfTop during the ping; ping to the client network; client Firewall NAT rules.]
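A check that is not part of the post or of pfSense, added here as an example: in OpenVPN server mode a server-side `route` for a LAN behind a client must be matched by an `iroute` in that client's client-specific config (CSC), which is what pfSense writes into the `client-config-dir` from a Client Specific Override's "Remote Networks"; the script below audits the posted server config for `route` lines with no `iroute` claiming them and renders the override lines that would resolve the finding. The client common name `branch-client` and the CSC contents are constructed assumptions.

```python
"""Audit an OpenVPN server config against its client-specific configs (CSC).

In server mode, a server-side `route` for a LAN behind a client is not
enough: OpenVPN also needs an `iroute` for that LAN in the CSC of the
client that owns it, or it cannot map the subnet to a connected client.
Added example; not code from the forum post or from pfSense."""
import ipaddress
import re

# Matches `route` and `iroute` lines; `push "route ..."` and comments are skipped.
_ROUTE_RE = re.compile(r"^\s*(iroute|route)\s+(\S+)\s+(\S+)", re.MULTILINE)


def parse_routes(config_text, directive):
    """Networks declared with `directive` ('route' or 'iroute') in config_text."""
    return {
        ipaddress.ip_network(f"{net}/{mask}", strict=False)
        for name, net, mask in _ROUTE_RE.findall(config_text)
        if name == directive
    }


def routes_missing_iroute(server_conf, csc_files):
    """Server `route` networks that no CSC file claims with an `iroute`.

    csc_files maps client common name -> CSC file text.  Returns sorted CIDRs."""
    claimed = set()
    for text in csc_files.values():
        claimed |= parse_routes(text, "iroute")
    return sorted(str(n) for n in parse_routes(server_conf, "route") - claimed)


def csc_override(networks):
    """Render the CSC lines that fix the finding (pfSense 'Remote Networks')."""
    return "".join(f"iroute {n.network_address} {n.netmask}\n"
                   for n in map(ipaddress.ip_network, networks))


# Constructed sample: the routing-relevant lines from the posted server config.
SERVER_CONF = """\
server 10.54.54.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
push "route 10.111.0.0 255.255.255.0"
route 10.112.0.0 255.255.255.0
"""
# Hypothetical CSC directory contents, keyed by the client certificate CN.
CSC_EMPTY = {}
CSC_FIXED = {"branch-client": csc_override(["10.112.0.0/24"])}

if __name__ == "__main__":
    for label, csc in (("no override", CSC_EMPTY), ("with iroute", CSC_FIXED)):
        print(label, "->", routes_missing_iroute(SERVER_CONF, csc) or "ok")
```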