Ok, so I thought I had this figured out, but it's got a mind of its own.
Client - Public IP, with DD-WRT router connected to it.
Routing 1194 port to PFSense box behind DD-Wrt (PFSense acting as VPN Server)
DD-Wrt = 192.168.1.1/24
PFSense = 192.168.1.254
VPN Tunnel= 10.100.0.0/24 (getting 10.100.0.1)
Static Route from traffic on 10.100.0.0/24 pointing to GW@192.168.1.1
My Office - Public IP, connected to PFSense router/VPN client.
PFSense = 10.0.10.0/24
VPN Tunnel= 10.100.0.0/24 (getting 10.100.0.2)
No Static Route entries.
Connecting just fine as Site to Site OpenVPN with PreShared Key, but traffic will not pass.
On occasion, as I'm screwing around with settings, things will all of a sudden start working perfectly. Ping's are good, RDP into endpoints are fine. To finalize the situation, I will reboot either one of the PFSense boxes, and upon it's return, back to ground zero. Again, the VPN's show connected, and the tunnels are up.
I'm so so lost at this point in time, my brain doesnt know which way up or down is.
Anyone know of an issue with 2.3.1_1? I doubt that it's the software. I just cant figure out why this isnt working…
PS - It's working right now, and I've got good backups of each router.
Again though, a reboot will kill something (settings look all the same), and traffic will not pass through. I cant figure it out..
Reboot killed it again.
Anyone have any idea what may be causing this thing to work perfectly, then stop after a reboot of either PFSense box? Then not take the same settings and start working again?
Or is it too complicated to figure out with the host PFSense VPN server behind a DD-WRT box?
Just looking for anything at this point.
My instincts would have you try and move pfSense ahead of DD-WRT on at least one end (probably the server) to try and reduce the variables involved.
pfSense should be able to do everything DD-WRT does and more.
My personal druthers would be pfSense as the primary router at both ends and DD-WRT setup as an AP only.
Just my $0.02
I agree in moving the PFsense box in front of the DD-Wrt router. That was my initial intentions, until I found out that PFSense wont allow pptp, or l2tp or whatever it is the ghetto Windows VPN server standard is. Once I found that the new router blocked all the existing Windows VPN users, I had to move it behind the firewall, and start migrating people over to the PFSense VPN slowly.
Unless I'm mistaken by that? I tried forwarding the appropriate ports, but that didnt work. Not trying to start a new discussion in this thread, just stating why Im in the crosseyed VPN situation that I am in now.
How many existing Windows VPN users do you have?
I'll bet you can get up and running with viable install packages for them very quickly, especially if you already had pfSense working at the front end before.
To paraphrase some poltico speak going around, "PPTP and L2TP?, C'mon it's 2016 already."
Moving to a real connectivity solution is approaching the level of "trivial" with pfSense in place.
My solution was 1) reinstall pfSense 2.24, 2) observe browsing and website response, 3) allow program to download and install current version. Repeat Step 2. Install security update 2.3.1_1. Repeat Step 2. PIA was configured per guide and modified instructions. Repeat Step 2.
I can't describe it yet browsing 'feels' normal before upgrade to 2.3.
Initial upgrade to 2.3.1 from 2.2.6 failed. IIRC it required 3 attempts. I didn't realize it but there were big changes to 2.3 from 2.2.x.
IMO OpenVPN issues were triggered by PHP. Incremental updates did not properly address PHP.
Suggest reinstalling previous pfSense without configuring OpenVPN. Allow program to download and install current version, install security update(s), and configure OpenVPN.
Hope this helps.