> lan1 192.168.9.0 <---> pfsense1 (client openvpn) <--> pfsense2
> (server openvpn) <--> lan 2 192.168.8.0

> /var/etc/openvpn/server1.conf
> route 192.168.9.0 255.255.255.0
> push "route 192.168.8.0 255.255.255.0"

This looks right.

> /var/etc/openvpn-csc/fw-target
>
> iroute 192.168.9.0 255.255.255.0

You're not pushing the route for the clients on the other side? Also, you're not setting up a known tunnel interface, can't filter now...

> /var/etc/openvpn/client2.conf
> ifconfig 10.0.8.2 10.0.8.1
> route 192.168.8.0 255.255.255.0

No need for this, server can be authoritative for all configuration using ccd.

If you plan to filter eventually, do not use client-to-client, see:

http://lists.pfsense.org/pipermail/list/2012-July/002587.html

In a server config, a route statement adds a route to the local system routing table. A push route pushes one to a client. These directives route packets from the kernel to the OpenVPN process. The iroute directive routes to the specific client after.

I often see with client-to-client issues that tcpdump brings to light instantly. If you set the interface to listen on the pfsense box to the tun dev and start pinging a remote host, you can see if the traffic gets that far, then for example on the remote host as well. If you see it there, there is no return route likely etc. It usually doesn't take long to sort this out.

jlc
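
The route / iroute pairing described in the message can be checked mechanically. The following is an added example, not part of the original message or of pfSense: it assumes a multi-client OpenVPN server with a client-config-dir, the sample configuration text is constructed from the directives quoted above, and the names `parse` and `check` are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, mirroring the directives quoted in the message.
SERVER_CONF = '''route 192.168.9.0 255.255.255.0
push "route 192.168.8.0 255.255.255.0"
'''
CCD_FILES = {"fw-target": "iroute 192.168.9.0 255.255.255.0\n"}

LINE = re.compile(r'^(push\s+")?(i?route)\s+(\S+)\s+([\d.]+)')

def parse(text):
    """Collect the networks named by route, push "route" and iroute lines."""
    found = {"route": set(), "push": set(), "iroute": set()}
    for raw in text.splitlines():
        m = LINE.match(re.split(r"[#;]", raw, maxsplit=1)[0].strip())
        if not m:
            continue
        pushed, kind, addr, mask = m.groups()
        if pushed and kind != "route":
            continue  # only push "route ..." is of interest here
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        found["push" if pushed else kind].add(net)
    return found

def check(server_conf, ccd_files):
    """Return a list of route/iroute mismatches (empty list means consistent)."""
    kernel_routes = parse(server_conf)["route"]
    problems, claimed = [], set()
    for name, text in sorted(ccd_files.items()):
        for net in sorted(parse(text)["iroute"]):
            claimed.add(net)
            # iroute alone is not enough: the kernel must hand the packets to OpenVPN.
            if not any(net.subnet_of(r) for r in kernel_routes):
                problems.append(f"{name}: iroute {net} has no matching server route")
    for r in sorted(kernel_routes):
        # route alone is not enough: OpenVPN must know which client owns the subnet.
        if not any(n.subnet_of(r) for n in claimed):
            problems.append(f"server: route {r} has no iroute in any ccd file")
    return problems

if __name__ == "__main__":
    print(check(SERVER_CONF, CCD_FILES) or "route/iroute pairs are consistent")
```

An empty result only says the two directives agree with each other; whether packets actually arrive and return is still what the tcpdump check on the tun device shows.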