Site 2 Site problem

ambly

Hi,
Need help badly…

Trying to get a connection between two sites

Site1 10.12.10.0/24
<->
Pfsense01 WAN IP 192.168.1.64
<->
VDSL Dynamic IP
<->
Internet
<->
VDSL Dynamic IP
<->
Pfsense02 WAN IP 192.168.1.64
<->
Site2 10.12.20.0/24

I have followed every guide that i could find but i can't get connection.

But he VPN is still down!

We have upgraded the VDSL at site1. Before that we got a static IP and IPsec between the sites.

Please help me!

cmb

What exactly do you have setup? what does the OpenVPN status show? What do the OpenVPN logs show?

ambly

I have followed this guide
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

Now i see that the client status is reconnecting; ping-restart

Log from server

Apr 5 12:19:24

openvpn[29120]: UDPv4 link remote: [undef]

Apr 5 12:19:24

openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195

Apr 5 12:19:24

openvpn[20057]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1592 10.0.8.1 10.0.8.2 init

Apr 5 12:19:24

openvpn[20057]: /sbin/ifconfig ovpns1 10.0.8.1 netmask 10.0.8.2 mtu 1500 up

Apr 5 12:19:24

openvpn[20057]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Apr 5 12:19:24

openvpn[20057]: TUN/TAP device /dev/tap1 opened

Apr 5 12:19:24

openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0

Apr 5 12:19:24

openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a –route option and no default was specified by either --route-gateway or --ifconfig options

Apr 5 12:19:24

openvpn[20057]: WARNING: Since you are using –dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)

Apr 5 12:19:24

openvpn[20057]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts

Apr 5 12:19:24

openvpn[20057]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011

Log from Client

Apr 5 12:21:18

openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195

Apr 5 12:21:18

openvpn[10359]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195

Apr 5 12:21:18

openvpn[10359]: Preserving previous TUN/TAP instance: ovpnc1

Apr 5 12:21:18

openvpn[10359]: Re-using pre-shared static key

Apr 5 12:21:18

openvpn[10359]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts

Apr 5 12:21:16

openvpn[10359]: SIGUSR1[soft,ping-restart] received, process restarting

Apr 5 12:21:16

openvpn[10359]: Inactivity timeout (–ping-restart), restarting

cmb

Given both your firewalls have a private WAN IP, I suspect on the server side the modem isn't passing the traffic through to the actual WAN IP. Can verify with packet capture and/or states.

ambly

Networking is not my main area…

How could i check how the traffic is passing?

chpalmer

ambly-

Have you set up your server side dsl modem to port forward the vpn traffic?

ambly

I found a way to set one of the dsl modems in bridged mode and now it works!