VPN site-by-site with FLI4L 3.0.2
-
Hi, I want a PfSense router (2.1.4-RELEASE) with a FLI4L router (3.0.2) to connect via OpenVPN. The tunnel is indeed established, but it may no data packets are transmitted. My virtual VPN network is 192.168.200.140/30, the ports are 10111 and 10112 local area network 192.168.0.0/24 - remote network 192.168.100.0/24. In the PfSense firewall everything is unlocked, all protocols. Does anyone have experience with this case, can someone help me?
-
Is pfSense setup as a server or client for OpenVPN?
Can you post a screenshot of the OpenVPN config page?
-
The configuration at the PfSense-Router is by client!
Please look at the attachments for my config.Thank you!
-
Well the Client side looks essentially correct, but without seeing the server side, it's hard to tell.
One further note, it wasn't clear which LAN's belong to the client and which to the server -
Client LAN (pfSense side) - 192.168.0.0/24 ?
Server LAN (FLI4L side) - 192.168.100.0/24 ?The main firewall rule for pfsense is to allow all under the OpenVPN interface.
I have never seen the FLI4L configurations for OpenVPN (or anything else) but the things to look for would be the network routed over the tunnel. You might want to check the routing tables on bith the pfSense and the FLI4L side after the tunnel is established. The other place to look is the logs under OpenVPN. Again I don't know what FLI4L provides, but adding a "verb 5" or even a "verb 7" to the "Advanced Configuration" section of the OpenVPN config(s) should log tons of info about the established tunnel (turn it off after you get the tunnel working).
Just as an aside, why are you using FLI4L on the server side? From my (very) cursory look at FLI4L it seems to be a lightweight equivalent to pfSense. Any reason not to instal pfSense on the server side? (not requiring, just asking)