Netgate Discussion Forum

    Issues in setting up OpenVPN between 2 pfsense

    15 Posts 4 Posters 1.4k Views
    • Rico LAYER 8 Rebel Alliance

      You need to add Firewall Rules in the OpenVPN tab to allow communication.

      -Rico

      • chpalmer

        Show via screenshot the bottom half (where it shows remote network) of your OpenVPN setup pages.

        Show your OpenVPN firewall rules.

        • Sid1584

          pfSense as OpenVPN server

          OpenVPN setup page
          [screenshots]

          WAN interface firewall rules
          [screenshots]

          NAT rules on the interface
          [screenshot]

          I have enabled OpenVPN on the WAN interface rather than a virtual interface. Do you think that might be causing issues?

          • Sid1584 @Rico

            @Rico The rules were automatically added during the OpenVPN wizard. I added a few NAT rules. I am not sure if that could have caused the problem. I would appreciate it if you could have a quick look at the rules I have added. I have attached screenshots in my comment.

            • Sid1584 @chpalmer

              @chpalmer Please find the screenshots in my comment.

              • Gertjan

                Part of your image:

                [screenshot]

                Check out carefully the principal OpenVPN server video from Netgate (YouTube - the Netgate channel).

                You assigned an interface to OPENVPN from the auto-created OpenVPN:

                [screenshot]

                In that case, you can leave OpenVPN empty - it won't be used anymore, like

                [screenshot]

                Place (copy) the OpenVPN Wizard general 'pass' rule from the OpenVPN to the OPENVPN interface.

                [screenshot]

                No need to have two identical firewall rules on the same interface.
                I have two rules: one for IPv4 and one for IPv6.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • Sid1584 @Gertjan

                  @Gertjan Thanks for the reply. In my OpenVPN setup, only the WAN interface is enabled. However, I assigned ovpns1 to OPENVPN; I thought this deployment requires that. I removed them now. I am able to connect and the VPN is up, but I can't connect to the OpenVPN client from the server.

                  • Gertjan @Sid1584

                    @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                    am able to connect and VPN is up but can't connect to the OpenVPN client from the server

                    You, from the outside, using some OpenVPN app, are the client. You connect to the server, running on your pfSense.
                    It's the client that takes action to connect to the server, not the other way around.

                    Can you confirm that you see the connection in the pfSense GUI like this:

                    [screenshot]

                    So, now, you don't have the OPENVPN any more?
                    There is only the OpenVPN interface? With the - just one - Wizard rule like:

                    [screenshot]

                    Your client VPN logs while connecting?
                    pfSense server logs while connecting?

                    How is your setup different from the 'default' Netgate OpenVPN video?

                    On your WAN interface, remove this:

                    [screenshot]

                    It's an open bar rule: let everybody in. Happily enough, connections are using IPv4, so they are state based. In the future (IPv6) you just opened up your entire LAN network to the Internet. You might as well remove pfSense (the firewall) altogether.

                    • Sid1584 @Gertjan

                      @Gertjan I am not using an OpenVPN client app; rather, I have made a pfSense SG1100 the OpenVPN client, and its server is the pfSense in the cloud, which is depicted on the right of the topology diagram. Yeah, I agree, the rules on the WAN interface are open to my LAN network; it's pretty bad, but I don't have any LAN devices or LAN network in the cloud. In the logs I see the user is authenticated and the tunnel interface is up with its virtual IP. Do you think having one pfSense as a client and another pfSense as a server is a feasible implementation?

                      • Gertjan @Sid1584

                        @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                        Do you think having one pfSense as a client and another pfSense as a server is a feasible implementation?

                        Never did so myself, but thousands are doing just that.
                        Mostly it's about tunnelling one company's site to another - interconnecting the company's LANs.

                        • Sid1584 @Gertjan

                          @Gertjan I am planning to set up the OpenVPN server as the central VPN gateway and expand the network if needed. If I fix this, I am pretty sure I can.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.