OpenVPN Site-to-Site Tunnel UP but no connection

[jimjohn]

Hi all,

I am driving myself crazy on this. Got two sites that I want to connect with each other for backup purposes via OpenVPN. Each site has a unit connected directly to the respective interface on the OPNsense (both sites have OPNsenses).

a) I could get the connection up (see screenshot) but I am not able to ping from OPNsense A to OPNsense B. I guess I am messing something up with my firewall rules. What am I doing wrong?

b) On OPNsense B I got 2 additional gateways, one for IPv4 and one for IPv6, after creating the OpenVPN client. However, I am not using IPv6 on either of the OPNsenses and OPNsense A only has one gateway for IPv4. How can I get rid of the additional IPv6 gateway?

Thanks for your help.

[jimjohn]

Sorry for pushing, but no idea at all? Anyone? Still could not figure that out ...  :( :( :(

[chemlud]

I guess the fw rules are only for the tunnel net/IP. you need allow rules for the respective remote networks you want to connect from...

[jimjohn]

I guess the fw rules are only for the tunnel net/IP. you need allow rules for the respective remote networks you want to connect from...

What do you mean? Can you give an example?

[chemlud]

In your fw rule on the openVPN tab you need the respective REMOTE network as SOURCE and the respective LANnet as TARGET. In your two fw rules you have the same source net on both sides.

[jimjohn]

In your fw rule on the openVPN tab you need the respective REMOTE network as SOURCE and the respective LANnet as TARGET. In your two fw rules you have the same source net on both sides.

That is exactly what I did here, isn't it?

[chemlud]

no, in your overview.png I see two rules with identical source and target nets, no idea which rule/net is on which side of the tunnel.

[jimjohn]

Well, you have been right. Now it works ... Thanks!