pfsense site-to-site openvpn

[andrewbedia]

Got a bit of an issue where I have a site-to-site OpenVPN going between two pfSense boxes.

Pfsense vpn server (In Diagnostics -> Ping)
ping tunnel address of pfsense vpn client (x.x.x.2) -- Success
ping to a machine on pfsense vpn client's local network -- Failure

Pfsense vpn client (In Diagnostics -> Ping)
ping tunnel address of pfsense vpn server (x.x.x.1) -- Success
ping to a machine on pfsense vpn server's local network -- Success

Vpn server local network
ping tunnel address of pfsense vpn client (x.x.x.2) -- success
ping tunnel address of pfsense vpn server (x.x.x.1) -- success
ping to a machine on pfsense vpn server's network -- failure

Vpn client local network
ping tunnel address of pfsense vpn client (x.x.x.2) -- success
ping tunnel address of pfsense vpn server (x.x.x.1) -- failure
ping to a machine on pfsense vpn server's network -- failure

Almost seems like there is a problem with routing from Local LAN on the vpn client into that tunnel network (and subsequently, the server's network).

I've got allow all rules on both ends for OpenVPN in the Firewall. I've fought with this for many hours and am out of ideas. If anyone has any ideas or needs more information, let me know and I'll provide more info.

 

[andrewbedia]

Figured this out after sleeping on it. I feel silly, but it turns out I needed outbound NAT rules to allow traffic to go into the tunnel.

 

[epicurean]

Could you share how you set up site to site pfsense OpenVPN?
i assume you are using the latest 2.4.4 pfsense?

Would 8GB ram on each pfsense site be sufficient? With pfblockerNG in place, already 75% of 8GB used for Pfsense