Site 2 Site problem
-
Hi,
Need help badly… Trying to get a connection between two sites
Site1 10.12.10.0/24
<->
Pfsense01 WAN IP 192.168.1.64
<->
VDSL Dynamic IP
<->
Internet
<->
VDSL Dynamic IP
<->
Pfsense02 WAN IP 192.168.1.64
<->
Site2 10.12.20.0/24
I have followed every guide that I could find but I can't get a connection.
But the VPN is still down!
We have upgraded the VDSL at site1. Before that we got a static IP and IPsec between the sites.
Please help me!
-
What exactly do you have set up? What does the OpenVPN status show? What do the OpenVPN logs show?
-
I have followed this guide
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)
Now I see that the client status is reconnecting; ping-restart
Log from server
Apr 5 12:19:24 openvpn[29120]: UDPv4 link remote: [undef]
Apr 5 12:19:24 openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
Apr 5 12:19:24 openvpn[20057]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1592 10.0.8.1 10.0.8.2 init
Apr 5 12:19:24 openvpn[20057]: /sbin/ifconfig ovpns1 10.0.8.1 netmask 10.0.8.2 mtu 1500 up
Apr 5 12:19:24 openvpn[20057]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 5 12:19:24 openvpn[20057]: TUN/TAP device /dev/tap1 opened
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Apr 5 12:19:24 openvpn[20057]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Apr 5 12:19:24 openvpn[20057]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 12:19:24 openvpn[20057]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
Log from Client
Apr 5 12:21:18 openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195
Apr 5 12:21:18 openvpn[10359]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
Apr 5 12:21:18 openvpn[10359]: Preserving previous TUN/TAP instance: ovpnc1
Apr 5 12:21:18 openvpn[10359]: Re-using pre-shared static key
Apr 5 12:21:18 openvpn[10359]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 12:21:16 openvpn[10359]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 5 12:21:16 openvpn[10359]: Inactivity timeout (--ping-restart), restarting
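
The symptoms in the two logs above can be picked out mechanically. This Python triage is an added example, not part of the original post or of pfSense/OpenVPN; the tag names, hint wording and SAMPLE_LOG (lines taken from the logs above, timestamp joined to message) are this example's own.

```python
import ipaddress
import re

# Constructed sample: lines from the two logs above, timestamp joined to message.
SAMPLE_LOG = """\
Apr 5 12:19:24 openvpn[29120]: UDPv4 link remote: [undef]
Apr 5 12:19:24 openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0
Apr 5 12:19:24 openvpn[20057]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Apr 5 12:21:18 openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195
Apr 5 12:21:16 openvpn[10359]: Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+openvpn\[(\d+)\]:\s+(.*)$")
BOUND = re.compile(r"link local \(bound\): \[AF_INET\]([\d.]+):(\d+)")

# (tag, pattern, hint). Tags and hints are this example's own labels.
# (?:--|–) also accepts the en dash some forum software substitutes for "--".
RULES = [
    ("peer-silent", r"Inactivity timeout \((?:--|–)ping-restart\)",
     "nothing received from the peer within the ping-restart interval"),
    ("remote-undef", r"link remote: \[undef\]",
     "no remote configured; this side waits for the peer's first packet"),
    ("tap-ifconfig", r"using (?:--|–)dev tap, the second argument to --ifconfig must be a netmask",
     "tap device given a peer address where a netmask is expected"),
    ("route-failed", r"failed to parse/resolve route for host/network",
     "route to the remote LAN was not installed"),
]

def triage(log_text):
    """Return (pid, tag, hint) for each log line matching a known symptom."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        b = BOUND.search(msg)
        if b and ipaddress.ip_address(b.group(1)).is_private:
            findings.append((pid, "private-wan",
                             f"bound to private {b.group(1)}:{b.group(2)}, so an upstream NAT device sits in front of it"))
        for tag, pattern, hint in RULES:
            if re.search(pattern, msg):
                findings.append((pid, tag, hint))
    return findings

def tags(findings):
    """Distinct tags in first-seen order."""
    return list(dict.fromkeys(tag for _, tag, _ in findings))

if __name__ == "__main__":
    for pid, tag, hint in triage(SAMPLE_LOG):
        print(f"openvpn[{pid}] {tag}: {hint}")
```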
-
Given both your firewalls have a private WAN IP, I suspect on the server side the modem isn't passing the traffic through to the actual WAN IP. Can verify with packet capture and/or states.
-
Networking is not my main area…
How could I check how the traffic is passing?
-
ambly-
Have you set up your server side DSL modem to port forward the VPN traffic?
-
I found a way to set one of the DSL modems in bridged mode and now it works!