Messages - echoxxzz

#1
OMG I finally got it working!!

I entered the certificate's Description, not its CN, in the client specific override. Once I fixed this it all started working.

I'm still not used to subnet topology (all my configs use net30) so I will need to do some more reading to get my head around what exactly is going on here.

jaj1105, if you followed the example in the OPNsense documentation I am pretty certain you have the same problem. You need to either fix the CSO or create one if you didn't.
#2
It's definitely something in the way OPNsense is creating the server VPN conf file, because I copied my configs that I wrote by hand and use on OpenWRT to each OPNsense server and it works perfectly, and I can now ping devices in the client network from the server network.
#3
I tried the advice of using the packet capture.

I logged into the server via SSH and tried to ping the client VPN's LAN interface. I see the ICMP packet leaving the server on the ovpns1 interface, but on the client VPN I never see it arrive on the ovpnc1 interface.

If I log into the client VPN firewall via SSH and ping the server VPN LAN interface, I see the icmp-request and icmp-reply packets on both firewalls.

Is something broken in OpenVPN????
#4
I have the exact same problem.

I disabled the firewall packet inspection on both firewalls to rule out that it's a firewall rule and that didn't help.

If the client VPN can ping the server VPN LAN interface then the routes have to be correct, or else the server would not have the correct route to reply back to the client.

There is nothing in any firewall log or any log for that matter indicating why traffic going to the client site is being blocked.

I have never had an issue setting up OpenVPN site to site VPNs on other platforms but on those platforms I'm not locked into a GUI interface.