Site-to-Site OpenVPN not working from outside OPNSense

[BShoppy]

I've set up a Site-to-Site OpenVPN configuration on 23.7 using the new instances following the steps at:
https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html

It's connecting to an OpenVPN Access Server, not another OPNSense instance, but that shouldn't matter.

The connection comes up fine, and from the OPNSense router itself, I can access everything just fine. But from all computers in my local LAN, I can't access anything. With a ping, firewall logs show a packet going out, but nothing coming back - either blocked or allowed.

Any thoughts on what I am missing?

[bartjsmit]

Any thoughts on what I am missing?

A return route on the far end

Hosts on the remote network need a static route to your LAN to go via the tunnel. Otherwise they send the reply packets to their default route where the first internet router will promptly drop them (for being in the RFC1918 ranges)

If you control the remote default gateway, set the route there for ease of management (single point of config).

Bart...

[BShoppy]

A return route on the far end

That was pretty much it. The host network on the far end had the return route, but the VPN configuration on that end didn't have the local network in there 

Added that and now it's all working perfectly.

Thanks!