Netgate Discussion Forum

    Issues in setting up OpenVPN between 2 pfsense

    • Gertjan

      Is it me, or do you have a circle in your network? The Wireless router and Home router are both connected to the net?
      pfSense has a WAN?
      Why not put pfSense up front?

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • Sid1584

        Thank you for your response. I rent a room in a house; the landlord isn't tech savvy and doesn't want me making any changes to the home router. The ISP has provided a residential internet connection, unlike an enterprise/business connection with a static public IP. That's why I can't put my pfSense up front. Further, the home router is on a different subnet, and pfSense only uses the Wireless router since it's the default gateway. The other router is an LTE-based home router, which was connected to the OPT interface during my attempts to configure a redundant gateway. There is no circle or loop in the network.

        • Rico

          You need to add Firewall Rules in the OpenVPN tab to allow communication.

          -Rico

          • chpalmer

            Show via screenshot the bottom half (where it shows remote network) of your OpenVPN setup pages.

            Show your OpenVPN firewall rules.

            • Sid1584

              pfSense as OpenVPN server

              OpenVPN setup page
              [screenshots]

              WAN interface firewall rules
              [screenshots]

              NAT rules on the interface
              [screenshot]

              I have enabled OpenVPN on the WAN interface rather than a virtual interface. Do you think that might be causing issues?

              • Sid1584 @Rico

                @Rico The rules were automatically added during the OpenVPN wizard. I added a few NAT rules. I am not sure if that could have caused the problem. I would appreciate it if you could have a quick look at the rules I have added. I have attached screenshots in my comment.

                • Sid1584 @chpalmer

                  @chpalmer Please find the screenshots in my comment.

                  • Gertjan

                    Part of your image:

                    [screenshot]

                    Check out carefully the principal OpenVPN server video from Netgate (YouTube - the Netgate channel).

                    You assigned an interface to OPENVPN from the auto-created OpenVPN:

                    [screenshot]

                    In that case, you can leave OpenVPN empty - it won't be used anymore, like

                    [screenshot]

                    Place (copy) the OpenVPN Wizard general 'pass' rule from the OpenVPN to the OPENVPN interface.

                    [screenshot]

                    No need to have two identical firewall rules on the same interface.
                    I have two rules: one for IPv4 and one for IPv6.


                    • Sid1584 @Gertjan

                      @Gertjan Thanks for the reply. In my OpenVPN setup, only the WAN interface is enabled. However, I assigned the ovpns1 to OPENVPN; I thought this deployment requires that. I removed them now. I am able to connect and the VPN is up, but I can't connect to the OpenVPN client from the server.

                      • Gertjan @Sid1584

                        @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                        am able to connect and VPN is up but can't connect to the OpenVPN client from the server

                        You, from the outside, using some OpenVPN app, are the client. You connect to the server, running on your pfSense.
                        It's the client that takes action to connect to the server, not the other way around.

                        Can you confirm that you see the connection in the pfSense GUI like this:

                        [screenshot]
                        So, now, you don't have the OPENVPN any more?
                        There is only the OpenVPN interface? With the - just one - Wizard rule like:

                        [screenshot]

                        ?

                        Your client VPN logs while connecting?
                        pfSense server logs while connecting?

                        How is your setup different from the 'default' Netgate OpenVPN video?

                        On your WAN interface, remove this:
                        [screenshot]

                        It's an open bar rule: let everybody in. Happily enough, connections are using IPv4, so they are state based. In the future (IPv6) you just opened up your entire LAN network to the Internet. You might as well remove pfSense (the firewall) altogether.


                        • Sid1584 @Gertjan

                          @Gertjan I am not using an OpenVPN client app; rather, I have made the pfSense SG1100 the OpenVPN client, and its server is the pfSense on the cloud, which is depicted on the right of the topology diagram. Yeah, I agree, the rules on the WAN interface are open to my LAN network; it's pretty bad, but I don't have any LAN devices or LAN network on the cloud. In the logs I see the user is authenticated and the tunnel interface is up with its virtual IP. Do you think having one pfSense as a client and another pfSense as a server is a feasible implementation?

                          • Gertjan @Sid1584

                            @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                            Do you think having one pfSense as a client and another pfSense as a server is a feasible implementation?

                            Never did so myself, but thousands are doing just that.
                            Mostly it's about tunnelling one company's site to another - interconnecting a company's LANs.


                            • Sid1584 @Gertjan

                              @Gertjan I am planning to set up the OpenVPN server as the central VPN gateway and expand the network if needed. If I fix this, I am pretty sure I can.
