Hey all, been looking at this all week. Must be something simple. My site-to-site works fine as far as connecting the two sites via ovpn, but fails routing from the server to the client. The client can ping the server side LAN endpoints. I’ve fooled around with the Client Override (iroute) but that doesn’t seem to be it, and I see no issues on any of the fw rules. I have open fw connections on both the LANs and the OpenVPN interfaces.
Server - Ping response to the GW on Site B, but FAILS pinging the Site B LAN interface on the FW
Client - Ping response to all the endpoints on Site A LAN
Both FWs are 2.7.2
Site A (Server, static public IP)
LAN 192.168.88.0/24
Tun 10.43.1.0/24 (10.43.1.2 site B gw)
OpenVPN Server ovpns9
Site B (Client, dynamic public IP)
LAN 10.43.0.0/24
(10.43.1.1 site A gw)
OpenVPN Client ovpnc1
OpenVPN connection established.
Site A
netstat -n -rWn
10.43.0.0/24 10.43.1.2 UGS 19 1500 ovpns9
10.43.1.0/24 link#13 U 17 1500 ovpns9
10.43.1.1 link#8 UHS 18 16384 lo0
route -n get 10.43.0.32
route to: 10.43.0.32
destination: 10.43.0.0
mask: 255.255.255.0
gateway: 10.43.1.2
fib: 0
interface: ovpns9
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0
Site B
netstat -n -rWn
10.43.0.1 link#4 UHS 6 16384 lo0
10.43.1.0/24 link#8 U 8 1500 ovpnc1
192.168.88.0/24 10.43.1.1 UGS 10 1500 ovpnc1
route -n get 192.168.88.101
route to: 192.168.88.101
destination: 192.168.88.0
mask: 255.255.255.0
gateway: 10.43.1.1
fib: 0
interface: ovpnc1
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec mtu weight expire
0 0 0 0 1500 1 0