OpenVPN client connect to site-to-site openvpn network

[whoppi]

 Hi evryone, i have a question regarding OpenVPN. I have a firewall1 with one OpenVPN Server where clients connect to. This firewall1 ist connected as a site-to-site openvpn client to our firewall2. If i connect as a client to the vpn server of firewall1 i cant reach the the network of the firewall2. Is there a special thing to do. I have configured all local and remote networks.

I can connect to the firewall2 network from the local lan of firewall1 but not from openvpn client connected to firewall1

i can see in my routes of client connected through vpn, that the routes are pushed corectly.

if i try to make traceorute on the firewall1, i can reach the datacenter networks, but it i choose the source for traceroute to vpn servers entwork, then it do not work and i receive ony  * * * at traceroute

if i trace the site-to-site connection i acnt see that the pings are leaving the firewall1 to site-to-site. Any advice where i can look

[whoppi]

Anybody who can help me?

[bartjsmit]

Hi Whoppi,

Make sure your routes are correct both ways; the targets need to have a route back to the source for all subnets. Mind that there are at least four in play; datacenter - tunnel1 - opnsense - tunnel2 and possibly one for the client.

Capture a ping run on the OPNsense firewall and have a look at wireshark. Remember to set the source IP address in ping.

Bart...