Help with OpenVPN config for a site to site VPN config
I have two Intel servers set up running pfSense 2.4.1. I have a pile of IPsec VPNs working like a charm on the one server, but I need to create a VPN from a site with a dynamic IP back to the main location, and from what I have read that is not an IPsec option, so it looks like OpenVPN client/server will do the job.
That said, I have tried using the docs in the wiki for a shared key setup, and I am trying to do the following:
LAN-A (10.3.0.0/16) -- PFS_A -- Internet -- PFS_B -- LAN-B (10.4.0.0/16)
PFS_A Config:
Server Mode: Peer to Peer (Shared Key)
Protocol: UDP on IPv4 Only
Device Mode: tun
Interface: WAN
Local Port: 1194
Shared Key generated!
Encryption: AES-256-CBC
Auth Digest: SHA512
IPv4 Tunnel Net: 172.30.1.0/30
IPv4 Remote Net: 10.4.0.0/16
Compression: Adaptive LZO
On the Client server I have the following.
Client PFS_B:
Server Mode: Peer to Peer (Shared Key)
Protocol: UDP on IPv4 Only
Device Mode: tun
Interface: WAN
Server Address: 50.225.xx.yy
Local Port: 1194
Shared Key copied from Server!
Encryption: AES-256-CBC
Auth Digest: SHA512
IPv4 Tunnel Net: 172.30.1.0/30
IPv4 Remote Net: 10.3.0.0/16
Compression: Adaptive LZO
So one side is pretty much a perfect match with the other, outside of one being server side, and one being client side. I have even set up systems on each side to keep a ping going in each direction. Still, server side all I see is:
Peer to Peer Server Instance Statistics
Name Status Connected Since Virtual Address Remote Host Bytes Sent / Received Service
Server UDP4:1194 0 B / 0 B
Client side I see:
OpenVPN Clients
Protocol Server Description Actions
UDP4 50.225.xx.yy:1194 VPN Link
I have also made sure I had firewall rules in allowing the connection to the server on 1194, and I have also added a VPN rule that just permits all traffic inside the VPN.
I am sure I am probably missing something silly, but hopefully someone here can point me in the right direction to get this all working.
Thanks...