UPDATE (Solved): Turns out I had to add iroutes on the pfsense site using Client Specific Overrides. Not very intuitive, because I had to add the exact same subnet and subnet mask information I already put into the server configuration for the local, tunnel, and client subnets.
Here's the relevant part:
iroutes
In order for the server to reach the client networks behind each connection, both a route to the network (IPv4 Remote Networks entry), which tells the system that OpenVPN knows about that network, and an iroute, which tells OpenVPN to which specific connection a subnet belongs, are required.
To add an iroute, visit VPN > OpenVPN on the Client Specific Overrides tab.
Add an entry for each client, and on each one:
- Set the Common Name field to the name of the certificate for the site
- On pfSense 2.2, use the IPv4 Remote Network/s here on the Client Specific Override to add iroute networks.
- On older versions of pfSense, in the custom options/advanced box, add an iroute statement for the client network:
- iroute a.a.a.a b.b.b.b;
- a.a.a.a is the subnet's starting IP, b.b.b.b is the subnet mask.
See link here: https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)#iroutes
You guys knew if you let me beat my head on the wall enough I'd figure it out, right? Right?
-----------------------------------------------
Actually, moved the question to the VPN thread, although I hope people who have more experience with the ASUS RT-AC66 would be able to help:
https://www.snbforums.com/threads/h...erver-and-rt-ac66w-asus-rmerlin-client.43958/
Getting stuck and not sure what I need to do. I think it may be a simple thing on my Asus but I can't seem to find anything online.
I set up a peer-to-peer (site-to-site) OpenVPN server on my pfsense (v2.4) and copied all the values on it to the VPN client on the Asus running Asuswrt-Merlin firmware (v380):
pfsense side (office)
LAN: 10.69.0.0/24
Asus side (home office)
LAN: 192.168.0.0/24
IPv4 Tunnel Network
10.0.9.0/24 (pfsense is 10.0.9.1, Asus is 10.0.9.2)
Currently the VPN is up, I can ping, ssh, http/s, etc. from a machine connected to my Asus router (e.g., home_client=192.168.0.101) to a machine on my remote pfsense (e.g., office_client=10.69.0.11).
However, I can't go back the other way, except the office_client can ping 10.0.9.2, but nothing else beyond that.
What am I missing? I have the "Create NAT on tunnel" turned on, but it says "Router must be configured manually" so maybe I'm missing this step?
Thanks.
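As an added illustration of the route/iroute point in the quoted docs (this is not code from the thread or from pfSense), the check below parses the server config and the Client Specific Override (ccd) files that pfSense generates and flags exactly the situation described above: a remote-network route on the server with no client claiming it via iroute, or the reverse. The server config text, the ccd path and the Common Name "home-office" are constructed assumptions using the subnets from the question.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of the OpenVPN server config pfSense writes for the
# site-to-site server above: tunnel 10.0.9.0/24, remote LAN 192.168.0.0/24.
SERVER_CONF = """\
dev tun
server 10.0.9.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/ccd
route 192.168.0.0 255.255.255.0
"""

# Constructed ccd files keyed by the client certificate's Common Name.
# Before the fix there was no override at all; after it, pfSense emits an iroute.
CCD_BEFORE: Dict[str, str] = {}
CCD_AFTER: Dict[str, str] = {"home-office": "iroute 192.168.0.0 255.255.255.0\n"}

_ROUTE_RE = re.compile(r"^\s*(i?route)\s+(\S+)\s+(\S+)", re.MULTILINE)


def parse_routes(text: str, directive: str) -> List[ipaddress.IPv4Network]:
    """Return the subnets declared by `route` or `iroute` lines (net + netmask form)."""
    return [ipaddress.IPv4Network(f"{net}/{mask}")
            for kind, net, mask in _ROUTE_RE.findall(text) if kind == directive]


def check_site_to_site(server_conf: str, ccd: Dict[str, str]) -> List[str]:
    """Flag kernel routes that no client claims with an iroute (OpenVPN cannot tell
    which connection should receive the reply traffic) and iroutes that are not
    covered by any route (the kernel would never hand that traffic to OpenVPN)."""
    problems: List[str] = []
    routes = parse_routes(server_conf, "route")
    claimed: Dict[ipaddress.IPv4Network, str] = {}
    for cn, body in ccd.items():
        for net in parse_routes(body, "iroute"):
            claimed[net] = cn
            if not any(net.subnet_of(r) for r in routes):
                problems.append(f"iroute {net} for {cn} has no matching route in server config")
    for r in routes:
        if not any(net.subnet_of(r) for net in claimed):
            problems.append(f"route {r} has no iroute in any client override")
    return problems


if __name__ == "__main__":
    print(check_site_to_site(SERVER_CONF, CCD_BEFORE))  # the broken state from the question
    print(check_site_to_site(SERVER_CONF, CCD_AFTER))   # after adding the override
```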