OpenVPN S2S Routing Between My LAN and my DO Private Lan

August 15, 2014 2.4k views

Hey everyone, not sure where to post this.. I posted this in /r/pfsense as well but figured i'd try here as well.

I'm trying to do a site-to-site vpn using openvpn and running into some routing issues.

On Premise LAN

VPN Tunnel Network:
My PC:

Remote LAN

VPN "Client":
Ubuntu Testbox:

I'm using ubuntu 14.04 w/ openvpn_as deb 0.2.10 installed on it on a digitalocean droplet.

I've got the vpn connected site to site. I can ping both ways from My PC <-> VPN Client using the VPN clients LAN IP (and not the tunnel net ip) and my IP.

Where i get the hiccup is, trying to contact any other machines on my remote lan from my on-premise lan, i can't talk to them or from them.

For example, from "ubuntu testbox" I can ping fine. I can't ping From my machine I cant ping

Here is my config file that was dumped from pfsense, and here is a screenshot of my openvpn server configs.

I moved some things around, specifically I commented out pull as openvpn was throwing errors about it and tls-client when trying to connect.

That error was
Options error: Parameter --pull can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
Use --help for more information.

1 Answer

after a bit more testing, i think this is related to packet filtering. I've read a few other posts with similar scenario's where DO drops mismatch IP packets. for source/dest.

Have another answer? Share your knowledge.