Hi! Try this:
pfsense2 - server: Tunnel network: 10.0.8.0/30 (no need for /24 on site2site) pfsense1 - client: Tunnel network: 10.0.8.0/30 (You can even keep it empty) Keeping or removing the remote network on the client side shouldn't be important, the difference being that if you keep it, you should see an error message that the route that has already been pushed by the server is re-issued by the client. hope it helps! Vassilis Cristian Del Carlo wrote on 19.12.2012 14:09: > Hi, > > thanks for your help. > > My firewall rules are in both pfsense: > Action: Pass > Interface : Openvpn > Protocol: Any > Source: Any > Destionation: Any > > This are my routing from firewall ( without public ip ): > > pfsense 1 - client: > 10.0.8.1 link#10 UH 0 15 ovpnc2 > 10.0.8.2 link#10 UHS 0 0 lo0 > 192.168.8.0/24 10.0.8.1 UGS 0 45 ovpnc2 > 192.168.9.0/24 link#2 U 0 37598040 em1 > > pfsense 2 - server: > 10.0.8.1 link#9 UHS 0 0 lo0 > 10.0.8.2 link#9 UH 0 72 ovpns1 > 192.168.8.0/24 link#2 U 0 229122 em1 > 192.168.8.1 link#2 UHS 0 0 lo0 > 192.168.9.0/24 10.0.8.2 UGS 0 1 ovpns1 > > Could be a routing problem? > > > 2012/12/19 WolfSec-Support <supp...@wolfsec.ch>: >> Hi, >> >> do you have special rules in VPN tunnel ? >> make sure to open OpenVPN ruleset as necessary >> >> this is "new" in 2.x; 1.2.x. had no rules in OpenVPN tunnels >> >> but per default normally tunnel is open any<>any >> >> br >> stephan >> >> >> _______________________________________________ >> List mailing list >> List@lists.pfsense.org >> http://lists.pfsense.org/mailman/listinfo/list >> > > > _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
