Netgate Discussion Forum

    Error openvpn site to site not ping

    gst.freitas

      The server screen for site A follows:

      screencapture-187-76-45-2-8090-vpn_openvpn_server-php-1429466307262.jpg

        divsys

        At minimum, you should specify the Site B subnet in the Site A "IPv4 Remote Network/s" box.

        You need to let the server know it will be routing traffic for 192.168.2.0/24 through the OpenVPN conx.

        Post the Site B Client screen as well to make sure nothing else is missing.

        -jfp

          gst.freitas

          Site B Client screen

          screencapture-192-168-2-1-8080-vpn_openvpn_client-php-1429467946952.png

            Derelict LAYER 8 Netgate

            As has been said, you have no remote networks specified at either end.  That's how pfSense knows what traffic to route over the tunnel.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              gst.freitas

              Apr 19 16:10:49	openvpn[78509]: Closing TUN/TAP interface
              Apr 19 16:10:49	openvpn[78509]: /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1558 192.168.181.6 192.168.181.5 init
              Apr 19 16:10:51	openvpn[78509]: ROUTE_GATEWAY 200.XXX.90.XXX
              Apr 19 16:10:51	openvpn[78509]: TUN/TAP device ovpnc2 exists previously, keep at program end
              Apr 19 16:10:51	openvpn[78509]: TUN/TAP device /dev/tun2 opened
              Apr 19 16:10:51	openvpn[78509]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
              Apr 19 16:10:51	openvpn[78509]: /sbin/ifconfig ovpnc2 192.168.181.10 192.168.181.9 mtu 1500 netmask 255.255.255.255 up
              Apr 19 16:10:51	openvpn[78509]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1558 192.168.181.10 192.168.181.9 init
              Apr 19 16:10:51	openvpn[78509]: /sbin/route add -net 192.168.10.0 192.168.181.9 255.255.255.0
              Apr 19 16:10:51	openvpn[78509]: /sbin/route add -net 192.168.10.0 192.168.181.9 255.255.255.0
              Apr 19 16:10:51	openvpn[78509]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
              Apr 19 16:10:51	openvpn[78509]: /sbin/route add -net 192.168.181.1 192.168.181.9 255.255.255.255
              Apr 19 16:10:51	openvpn[78509]: Initialization Sequence Completed
              
                Derelict LAYER 8 Netgate

                You need 192.168.2.0/24 in the remote networks on the server.  I believe you also need to put the 192.168.181.0/24 tunnel network in the client side.

                  gst.freitas

                  That was put in place and it is not solved. I will try with pfSense 2.1.5 for testing.

                    Derelict LAYER 8 Netgate

                    Are you certain the remote hosts will respond to pings from foreign networks?  This is often the firewalls on the destination hosts.  What version are you using?  There have been few problems with OpenVPN on 2.2, 2.2.1, and 2.2.2.  No reason to change versions.  All you have to do is configure it correctly.

                      gst.freitas

                      pfSense 2.2.2

                        gst.freitas

                        I placed two pfSense 2.1.5 instances in the test environment (XenServer), connected via OpenVPN, and it worked with the same configuration. I will install version 2.2.2.

                          phil.davis

                          I have plenty of OpenVPN site-to-site links on 2.2.2 and they work fine just like they did in 2.1.5 - put the right subnets in Tunnel, Local and Remote Network/s boxes on server and client, make sure the firewall rules on LAN and OpenVPN at both ends allow the relevant traffic - that is all there is to it.
                          When I set up a new office it takes only a couple of minutes to bring up OpenVPN site-to-site links back to our main offices, it really does work.

                          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
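
A log check for the routing question discussed in this thread, added here as an example (it is not code from any poster or from pfSense): it parses the "route add" lines OpenVPN logs at tunnel start and reports which expected remote networks actually received a route. The sample lines are copied from the Site B client log posted above; the function name audit_routes and the expected-network list are assumptions made for illustration.

```python
import ipaddress
import re

# Log lines copied from the Site B client log posted in this thread.
CLIENT_LOG = """\
Apr 19 16:10:51 openvpn[78509]: /sbin/route add -net 192.168.10.0 192.168.181.9 255.255.255.0
Apr 19 16:10:51 openvpn[78509]: /sbin/route add -net 192.168.10.0 192.168.181.9 255.255.255.0
Apr 19 16:10:51 openvpn[78509]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Apr 19 16:10:51 openvpn[78509]: /sbin/route add -net 192.168.181.1 192.168.181.9 255.255.255.255
Apr 19 16:10:51 openvpn[78509]: Initialization Sequence Completed
"""

ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)\s*$")
FAIL_RE = re.compile(r"ERROR: FreeBSD route add command failed")


def audit_routes(log_text, expected_remote):
    """Classify the routes OpenVPN tried to add during one tunnel start."""
    installed, duplicate, failed = [], [], []
    last, last_was_new = None, False
    for line in log_text.splitlines():
        m = ROUTE_RE.search(line)
        if m:
            net, _gateway, mask = m.groups()  # FreeBSD order: net, gateway, mask
            last = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            last_was_new = last not in installed
            if last_was_new:
                installed.append(last)
        elif FAIL_RE.search(line) and last is not None:
            # OpenVPN logs the error right after the command that failed.
            if last_was_new:
                installed.remove(last)
                failed.append(last)
            else:
                # Assumption: a failed repeat of a route that is already
                # installed is a duplicate entry; the first add still stands.
                duplicate.append(last)
            last = None
    wanted = [ipaddress.ip_network(n) for n in expected_remote]
    missing = [w for w in wanted if not any(w.subnet_of(i) for i in installed)]
    as_text = lambda nets: [str(n) for n in nets]
    return {"installed": as_text(installed), "duplicate": as_text(duplicate),
            "failed": as_text(failed), "missing": as_text(missing)}


if __name__ == "__main__":
    # Assumption: 192.168.10.0/24 is the Site A LAN this client must reach.
    print(audit_routes(CLIENT_LOG, ["192.168.10.0/24"]))
```

Running the same check against the Site A server log with 192.168.2.0/24 as the expected network shows whether the Remote Network entry recommended in the replies took effect.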
