Broken Again - net to net OpenVPN thru Qwest - can't ping thru tunnel
-
I have a net to net OpenVPN tunnel that's been up for over a year now; everything has worked fine and has been humming away. The other day I got a new ISP (Qwest DSL, with qwest.net as my ISP). I made the adjustments to my firewall, adding the new static IP address to the WAN as well as some virtual CARP IP addresses for the /29 subnet I lease from them.
Ever since this change the VPN is no longer working. If I look at the log it shows everything connecting fine, but I can't ping thru the tunnel. I know this is complicated, so I will get all the settings I'm using below. Just as a side note, the server side is pfSense with a multi-WAN setup running 1.2-release.
Thanks in advance for any help you can offer!
A quick overview.

Server Addresses
WAN xxx.xxx.xxx.213/29
WAN Gateway xxx.xxx.xxx.214/29
OPT1 xxx.xxx.xxx.11/24 (not being used for the VPN)
LAN 192.168.6.0/24

Client Addresses
WAN xxx.xxx.xxx.161/29
WAN Gateway xxx.xxx.xxx.166/29
LAN 192.168.27.1/24

OpenVPN Settings

Server Settings
Protocol: udp
Dynamic IP: unchecked
Local port: 1194
Address pool: 10.8.0.0/24
Use static IPs: unchecked
Local network: blank
Remote network: 192.168.27.0/24
Client-to-client VPN: unchecked
Cryptography: bf-cbc (128 bit)
Authentication method: shared key
Shared key: [snip] -----BEGIN OpenVPN Static key V1----- [/snip]
LZO compression: checked

Client Settings
Protocol: udp
Server address: xxx.xxx.xxx.213
Local port: 1194
Interface IP: 10.8.0.0/24
Remote network: 192.168.6.0/24
Proxy Host: blank
Proxy port: 3128
Cryptography: bf-cbc (128 bit)
Authentication method: shared key
Shared key: [snip] -----BEGIN OpenVPN Static key V1----- [/snip]
LZO compression: checked

Routing Tables

Server Table
Destination Gateway Flags Refs Use Mtu Netif
default xxx.xxx.xxx.214 UGS 0 328233 1500 em2
10.8.0.2 10.8.0.1 UH 1 0 1500 tun0
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0
192.168.6 link#2 UC 0 0 1500 em0
192.168.27 10.8.0.2 UGS 0 412 1500 tun0

Client Table
Destination Gateway Flags Refs Use Mtu Netif
default xxx.xxx.xxx.166 UGS 0 32561 1500 sis0
10.8.0.1 10.8.0.2 UH 1 0 1500 tun0
127.0.0.1 127.0.0.1 UH 0 956 16384 lo0
192.168.6 10.8.0.1 UGS 0 48 1500 tun0
192.168.27 link#4 UC 0 0 1500 vr0

OpenVPN Logs

Server Logs
Jun 6 11:48:03 openvpn[545]: UDPv4 link remote: [undef]
Jun 6 11:48:03 openvpn[545]: UDPv4 link local (bound): [undef]:1194
Jun 6 11:48:03 openvpn[545]: Preserving previous TUN/TAP instance: tun0
Jun 6 11:48:03 openvpn[545]: LZO compression initialized
Jun 6 11:48:03 openvpn[545]: Re-using pre-shared static key
Jun 6 11:48:01 openvpn[545]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 6 11:48:01 openvpn[545]: Inactivity timeout (--ping-restart), restarting
Jun 6 11:46:21 openvpn[545]: Initialization Sequence Completed
Jun 6 11:46:21 openvpn[545]: Peer Connection Initiated with xxx.xxx.xxx.161:1194
Jun 6 11:46:17 openvpn[545]: UDPv4 link remote: [undef]
Jun 6 11:46:17 openvpn[545]: UDPv4 link local (bound): [undef]:1194
Jun 6 11:46:17 openvpn[536]: /etc/rc.filter_configure tun0 1500 1545 10.8.0.1 10.8.0.2 init
Jun 6 11:46:17 openvpn[536]: /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
Jun 6 11:46:17 openvpn[536]: TUN/TAP device /dev/tun0 opened
Jun 6 11:46:17 openvpn[536]: gw xxx.xxx.xxx.214
Jun 6 11:46:17 openvpn[536]: LZO compression initialized
Jun 6 11:46:17 openvpn[536]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Jun 6 11:46:17 openvpn[536]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007

Client Logs
openvpn[450]: UDPv4 link remote: xxx.xxx.xxx.213:1194
Jun 6 19:21:11 openvpn[450]: UDPv4 link local (bound): [undef]:1194
Jun 6 19:21:11 openvpn[450]: Preserving previous TUN/TAP instance: tun0
Jun 6 19:21:11 openvpn[450]: LZO compression initialized
Jun 6 19:21:11 openvpn[450]: Re-using pre-shared static key
Jun 6 19:21:09 openvpn[450]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 6 19:21:09 openvpn[450]: Inactivity timeout (--ping-restart), restarting

Rules that apply. Both rules are at the top of the LAN rule list.
Server Rules
LAN Allow - Proto(), Source(), Port(), Destination(192.168.27.0/24), Port(), Gateway(*)
Client Rules
LAN Allow - Proto(), Source(), Port(), Destination(192.168.6.0/24), Port(), Gateway(*)
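The server log above shows the pattern worth recognising when a pfSense OpenVPN tunnel "connects fine" but passes no traffic: a Peer Connection Initiated line followed a couple of minutes later by Inactivity timeout (--ping-restart). The analyzer below is an added example, not code from the poster or from pfSense; it parses syslog-style OpenVPN lines, sorts them into chronological order (the forum paste is newest-first), reports each link-up-then-idle-restart cycle with how long the link stayed up, and also surfaces the "group or others accessible" warning about the static key file. The sample log is constructed from the message formats in the post.

```python
import re
from datetime import datetime

# Constructed sample modelled on the server log in the post (same message
# formats, chronological order; PIDs and times are illustrative).
SAMPLE_LOG = """\
Jun 6 11:46:17 openvpn[536]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
Jun 6 11:46:17 openvpn[536]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Jun 6 11:46:21 openvpn[545]: Peer Connection Initiated with xxx.xxx.xxx.161:1194
Jun 6 11:46:21 openvpn[545]: Initialization Sequence Completed
Jun 6 11:48:01 openvpn[545]: Inactivity timeout (--ping-restart), restarting
Jun 6 11:48:01 openvpn[545]: SIGUSR1[soft,ping-restart] received, process restarting
Jun 6 11:48:03 openvpn[545]: Re-using pre-shared static key
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) openvpn\[(\d+)\]: (.*)$")
PEER_RE = re.compile(r"Peer Connection Initiated with (\S+)")
KEYWARN_RE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")


def parse(log_text):
    """Return (timestamp, pid, message) tuples sorted oldest-first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines whose syslog prefix was cut off in the paste
        # syslog omits the year; strptime defaults it, which is fine for deltas
        ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S")
        events.append((ts, int(m.group(2)), m.group(3)))
    events.sort(key=lambda e: e[0])
    return events


def analyze(log_text):
    """Flag 'link up but idle until ping-restart' cycles and exposed key files."""
    report = {"cycles": [], "insecure_key_files": []}
    peer = started = None
    for ts, _pid, msg in parse(log_text):
        if m := KEYWARN_RE.search(msg):
            report["insecure_key_files"].append(m.group(1))
        elif m := PEER_RE.search(msg):
            peer, started = m.group(1), ts
        elif "Inactivity timeout (--ping-restart)" in msg and started is not None:
            # The peer reached us once, then nothing arrived for the whole
            # keepalive window: return traffic is being dropped between the WANs.
            up = int((ts - started).total_seconds())
            report["cycles"].append({"peer": peer, "up_seconds": up})
            peer = started = None
    return report


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Feed it the real server log (oldest-first or newest-first, either works) and a non-empty "cycles" list with short up_seconds values points at state or firewall trouble on the path rather than at the OpenVPN configuration itself.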
-
I can't tell you exactly what the problem was, but it seems that time solved the problem. The only thing that I did in the past couple of days that "may" have affected it is reset the states on the server, although I thought rebooting them several times would have done that. But it works now; thanks to everyone for taking a look.
–Brady
-
Okay, so everything was up and running yesterday. One of my employees, for a reason beyond me, rebooted the server side last night; after they did this the VPN stopped working again. It still shows that it connects just fine from the logs, but I can't seem to get any traffic to tunnel thru it.