I have two locations. HQ and branch. I have a pfSense FW installed in both locations although HQ is pf2.3.4 and the branch is pf2.4.4.
- HQ has a VPN Server site2site(port yyy) shared key
- branch has a VPN client site2site(port yyy) shared key
- both locations have the same ipv4 tunnel (10.0.9.0/24)
- on the branch I added the ipv4 remote networks corresponding to the HQ nets behind the VPN (10.80.248.0/24)
The network comes up. I can ping, trace, and route from the branch and the HQ.
- I added a remote ssl/tls server(port zzz) on the branch
- I set the FORCE all traffic to the VPN flag
- set the tunnel network to 10.0.10.0/24
- created and exported certs
- launched openvpn on my client
From my client I can:
- ping all the machines on my local subnet
- ping 1.1.1.1
- ping both sides of the 10.0.10.0 net
- ping both sides of the 10.0.9.0 net
However, I cannot ping any machine on the 10.80.248.0 network from my client... but I can ping the same machine from the branch FW (Diagnostics ping).
As a side note I am able to ping the user machine from the HQ firewall.
Everything I did was spot on... The missing pieces:
push "route x.x.x.x y.y.y.y"
to the user server for each HQ subnet so the clients inherit the correct routes.
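As an added example (not from the original post), a small Python helper that turns a list of HQ subnets in CIDR form into the push "route" lines for the remote-access server's custom options. OpenVPN route directives want a dotted netmask rather than a prefix length, and the helper refuses any subnet that overlaps either tunnel network, since pushing such a route would shadow the tunnel itself. The subnet and tunnel values are the ones from the post; HQ_SUBNETS and TUNNEL_NETS are names chosen here, not pfSense settings.

```python
import ipaddress

# Values taken from the post: HQ LAN behind the site-to-site tunnel,
# plus the site-to-site (10.0.9.0/24) and remote-access (10.0.10.0/24)
# tunnel networks. The variable names are this example's own.
HQ_SUBNETS = ["10.80.248.0/24"]
TUNNEL_NETS = ["10.0.9.0/24", "10.0.10.0/24"]


def push_route_lines(subnets, tunnel_nets=TUNNEL_NETS):
    """Return one OpenVPN 'push "route ..."' directive per subnet.

    Each CIDR is converted to 'network netmask' form, which is what the
    OpenVPN route directive expects. A subnet that overlaps a tunnel
    network raises ValueError instead of being pushed.
    """
    tunnels = [ipaddress.ip_network(t) for t in tunnel_nets]
    lines = []
    for cidr in subnets:
        # strict=True rejects host bits set in the network part, e.g. 10.80.248.5/24
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError(f"only IPv4 routes are handled here: {cidr}")
        if any(net.overlaps(t) for t in tunnels):
            raise ValueError(f"{cidr} overlaps a tunnel network; not pushing it")
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return lines


if __name__ == "__main__":
    # Paste the printed lines into the remote-access server's custom options.
    print("\n".join(push_route_lines(HQ_SUBNETS)))
```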