No routing between Pfsense openvpn multi p2p SSL/TLS

I want to set up my pfSense multi P2P SSL/TLS, but I have some problems with the routing (P2P with shared key is already working, but I want to improve the security). The gateway between the client and server is connected and online, but I cannot connect to the server from the client or from the client to the server. I followed this tutorial. The client pfSense can ping clients on the server network, but the clients on the client pfSense cannot. Can you give me some advice to solve the problem? Must I open NAT?

With kind regards,

https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-ssl-tls.html

I have a guide on that here https://youtu.be/-8xt7LUtYH4

Hello Tom,

Thanks for this video, multi P2P with shared key has been working to my clients for several months. Now I want to increase the security between my clients and use multi P2P with SSL/TLS. I used almost the same setup as the shared key setup, but I cannot connect to the clients. The gateway 10.10.160.0/24 is online on both sites, but there is no connection between the clients behind the pfSense boxes.

Where must I look to solve this problem?

Is there a different routing if I use multi P2P with SSL/TLS?

Maybe a new tutorial with multi P2P with SSL/TLS could be a solution? 😀

Thanks for your reply.

Wilfred.

What do the firewall rules for openvpn look like?
Go to Firewall -> Rules -> OpenVPN for both pfsense boxes.
By default, I think that there’s an ‘accept-all’. If there are no ‘accept’ rules, then no data will be passed.

gzornetzer, thanks for your reply. On both sites, server and client, I have this config.
What do you think about this config?

Wilfred.

Wilfred,
That looks correct.
One thing that I found - my VPN didn’t work when I took an existing connection and tried to retool it for SSL/TLS. It did work when I created a new VPN server instance from scratch.
Also, have you confirmed that you can communicate from either of the remote networks with a server on the ‘main network’ or the pfSense web interface itself?

As an aside, did you intend for your target network addresses to be internet routable? I believe that 192.165.x.x is internet routable and shouldn’t be used for private networks lest problems happen. Perhaps you meant 192.168.x.x?