Netgate Discussion Forum
    OpenVPN Site to Site with Tomato Client

    Category: OpenVPN. 6 Posts, 2 Posters, 1.7k Views

      yodaphone

      Hi

      I have a new pfSense setup, running 2.3.2-RELEASE-p1, with a static IP. I'm fairly new to this but am spending tons of hours learning various things about this great product.

      1. I have a Site to Site VPN setup on this. Please see the screenshots. I'm not using this for anything else. I haven't set up any other packages. The machine has AES-NI enabled, but I haven't configured that here.
      2. Created the service, used "Peer to Peer (Shared Key)", enabled adaptive compression, AES-128-CBC.
      3. Tunnel IP 10.0.8.0/24.
      4. Remote network 192.168.3.0/24, running behind an ISP NATed IP. Running Tomato Shibby on an ASUS RT-AC66R.
      5. Set up the rules required in the firewall.

      The tunnel comes up but no traffic flows, & then it goes into restart mode. I'm unable to ping or see any machines on either side.

      I've tried to read & follow many guides listed here & suggestions, BUT I'm unable to get it to work. Any ideas where I might be going wrong?

      Thanks in advance

      Attaching screengrabs from the OpenVPN server & the Tomato Shibby config too.

      OpenVPN Log

      
      Jan 26 18:59:54	openvpn	51623	TUN READ [48]
      Jan 26 18:59:53	openvpn	51623	TUN READ [48]
      Jan 26 18:59:53	openvpn	51623	TUN READ [48]
      Jan 26 18:59:48	openvpn	51623	TUN READ [52]
      Jan 26 18:59:47	openvpn	51623	TUN READ [52]
      Jan 26 18:59:47	openvpn	51623	TUN READ [52]
      Jan 26 18:59:45	openvpn	51623	TUN READ [52]
      Jan 26 18:59:44	openvpn	51623	TUN READ [52]
      Jan 26 18:59:44	openvpn	51623	TUN READ [52]
      Jan 26 18:58:33	openvpn	51623	UDPv4 link remote: [undef]
      Jan 26 18:58:33	openvpn	51623	UDPv4 link local (bound): [AF_INET]75.99.XXX.131:1194
      Jan 26 18:58:33	openvpn	51623	Expected Remote Options hash (VER=V4): 'd80c27d3'
      Jan 26 18:58:33	openvpn	51623	Local Options hash (VER=V4): 'd8318dd5'
      Jan 26 18:58:33	openvpn	51623	Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
      Jan 26 18:58:33	openvpn	51623	Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
      Jan 26 18:58:33	openvpn	51623	Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
      Jan 26 18:58:33	openvpn	51623	Preserving previous TUN/TAP instance: ovpns1
      Jan 26 18:58:33	openvpn	51623	Socket Buffers: R=[42080->42080] S=[57344->57344]
      Jan 26 18:58:33	openvpn	51623	LZO compression initialized
      Jan 26 18:58:33	openvpn	51623	Re-using pre-shared static key
      Jan 26 18:58:33	openvpn	51623	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 26 18:58:31	openvpn	51623	Restart pause, 2 second(s)
      Jan 26 18:58:31	openvpn	51623	SIGUSR1[soft,ping-restart] received, process restarting
      Jan 26 18:58:31	openvpn	51623	TCP/UDP: Closing socket
      Jan 26 18:58:31	openvpn	51623	Inactivity timeout (--ping-restart), restarting
      Jan 26 18:58:27	openvpn	51623	UDPv4 WRITE [68] to [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:58:17	openvpn	51623	UDPv4 WRITE [68] to [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:58:07	openvpn	51623	UDPv4 WRITE [68] to [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:57:56	openvpn	51623	UDPv4 WRITE [68] to [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:57:46	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:46	openvpn	51623	TUN READ [48]
      Jan 26 18:57:46	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:46	openvpn	51623	TUN READ [48]
      Jan 26 18:57:40	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:40	openvpn	51623	TUN READ [52]
      Jan 26 18:57:40	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:40	openvpn	51623	TUN READ [52]
      Jan 26 18:57:37	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:37	openvpn	51623	TUN READ [52]
      Jan 26 18:57:37	openvpn	51623	UDPv4 WRITE [100] to [AF_INET]49.XXX.121.193:4035: DATA len=100
      Jan 26 18:57:37	openvpn	51623	TUN READ [52]
      Jan 26 18:57:31	openvpn	51623	UDPv4 READ [212] from [AF_INET]49.XXX.121.193:4035: DATA len=212
      Jan 26 18:57:31	openvpn	51623	UDPv4 WRITE [68] to [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:57:24	openvpn	51623	Initialization Sequence Completed
      Jan 26 18:57:23	openvpn	51623	UDPv4 WRITE [212] to [AF_INET]49.XXX.121.193:4035: DATA len=212
      Jan 26 18:57:23	openvpn	51623	Peer Connection Initiated with [AF_INET]49.XXX.121.193:4035
      Jan 26 18:57:23	openvpn	51623	UDPv4 READ [68] from [AF_INET]49.XXX.121.193:4035: DATA len=68
      Jan 26 18:56:30	openvpn	51623	UDPv4 link remote: [undef]
      Jan 26 18:56:30	openvpn	51623	UDPv4 link local (bound): [AF_INET]75.99.XXX.131:1194
      Jan 26 18:56:30	openvpn	51623	Expected Remote Options hash (VER=V4): 'd80c27d3'
      Jan 26 18:56:30	openvpn	51623	Local Options hash (VER=V4): 'd8318dd5'
      Jan 26 18:56:30	openvpn	51623	Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
      Jan 26 18:56:30	openvpn	51623	Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
      Jan 26 18:56:30	openvpn	51623	Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
      Jan 26 18:56:30	openvpn	51623	/sbin/route add -net 192.168.3.0 10.0.8.2 255.255.255.0
      Jan 26 18:56:30	openvpn	51623	/usr/local/sbin/ovpn-linkup ovpns1 1500 1561 10.0.8.1 10.0.8.2 init
      Jan 26 18:56:30	openvpn	51623	/sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
      Jan 26 18:56:30	openvpn	51623	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Jan 26 18:56:30	openvpn	51623	TUN/TAP device /dev/tun1 opened
      

      Attachments: vpn1.png, vpn2.png, vpn3.png, vpn4.png, remote_vpn1.png, remote_vpn2.png
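      The thing to read off the server log above is the direction of the DATA packets after "Initialization Sequence Completed" and how long the peer had been silent when the --ping-restart timer fired. The following Python script is an added example, not code from the thread or from pfSense: it parses pfSense-style OpenVPN log lines to report exactly that, and also checks that the two option strings agree apart from the mirrored ifconfig pair, which is why the two options hashes differ without an error. Its sample lines are constructed from the log above, with the masked client address replaced by the documentation placeholder 203.0.113.5.

```python
import re
from datetime import datetime

# Constructed sample modelled on the pfSense server log in the thread, oldest line first;
# 203.0.113.5 is a documentation-range placeholder for the masked client address.
SAMPLE_LOG = """\
Jan 26 18:56:30\topenvpn\t51623\tExpected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
Jan 26 18:56:30\topenvpn\t51623\tLocal Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
Jan 26 18:57:24\topenvpn\t51623\tInitialization Sequence Completed
Jan 26 18:57:31\topenvpn\t51623\tUDPv4 READ [212] from [AF_INET]203.0.113.5:4035: DATA len=212
Jan 26 18:57:37\topenvpn\t51623\tUDPv4 WRITE [100] to [AF_INET]203.0.113.5:4035: DATA len=100
Jan 26 18:58:27\topenvpn\t51623\tUDPv4 WRITE [68] to [AF_INET]203.0.113.5:4035: DATA len=68
Jan 26 18:58:31\topenvpn\t51623\tInactivity timeout (--ping-restart), restarting
"""
# pfSense log line layout: "<timestamp>\topenvpn\t<pid>\t<message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+openvpn\s+\d+\s+(.*)$")
OPTS_RE = re.compile(r"(Expected Remote|Local) Options String: '([^']*)'")


def options_consistent(remote: str, local: str) -> bool:
    """Static-key peers must agree on every option; only the ifconfig pair is mirrored."""
    rem, loc = remote.split(","), local.split(",")
    if not remote or not local or len(rem) != len(loc):
        return False
    for a, b in zip(rem, loc):
        if a.startswith("ifconfig ") and b.startswith("ifconfig "):
            if a.split()[1:] != b.split()[1:][::-1]:  # addresses must be swapped, not equal
                return False
        elif a != b:
            return False
    return True


def analyse(log_text: str) -> dict:
    """Count DATA packets each way and measure how long the peer was silent before ping-restart."""
    opts, reads, writes, last_read, restart = {}, 0, 0, None, None
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ts, msg = datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2)
        if o := OPTS_RE.match(msg):
            opts[o.group(1)] = o.group(2)
        elif "UDPv4 READ" in msg and "DATA" in msg:
            reads, last_read = reads + 1, ts
        elif "UDPv4 WRITE" in msg and "DATA" in msg:
            writes += 1
        elif "--ping-restart" in msg:
            restart = ts
    # seconds between the peer's last packet and the restart: the peer, not the server, went quiet
    silent = int((restart - last_read).total_seconds()) if restart and last_read else None
    return {"reads": reads, "writes": writes, "silent_for": silent,
            "options_consistent": options_consistent(opts.get("Expected Remote", ""), opts.get("Local", ""))}
```

      On the sample this reports one packet read from the peer against two written to it, a 60 second silence before the restart, and consistent option strings, which points at the client rather than at the server configuration.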

        jimp (Rebel Alliance Developer, Netgate)

        Can you get any logs out of OpenVPN on Tomato/Shibby?

        From the server-side log, the client stopped responding, so hopefully its log would have some more detail as to why.

          yodaphone

          @jimp:

          Can you get any logs out of OpenVPN on Tomato/Shibby?

          From the server side log the client stopped responding, so hopefully its log would have some more detail as to why.

          Will try to get them.

            yodaphone

            @jimp:

            Can you get any logs out of OpenVPN on Tomato/Shibby?

            From the server side log the client stopped responding, so hopefully its log would have some more detail as to why.

            OK, here you go. I just restarted the service on both sides & this is what I have on the Tomato side (warehouse1). I configured the syslog to log any blocks by the firewall, inbound OR outbound.

            Jan 27 04:59:54 warehouse1 user.notice root: vpnrouting: clean-up
            Jan 27 05:00:00 warehouse1 syslog.info root: -- MARK --
            Jan 27 05:00:02 warehouse1 user.info kernel: tun: Universal TUN/TAP device driver, 1.6
            Jan 27 05:00:02 warehouse1 user.info kernel: tun: (C) 1999-2004 Max Krasnyansky
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17295]: OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 31 2016
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17295]: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: Static Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: Static Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: Socket Buffers: R=[114688->114688] S=[114688->114688]
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: TUN/TAP device tun11 opened
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: TUN/TAP TX queue length set to 100
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: /sbin/ifconfig tun11 10.0.8.2 pointopoint 10.0.8.1 mtu 1500
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: UDPv4 link local: [undef]
            Jan 27 05:00:02 warehouse1 daemon.notice openvpn[17306]: UDPv4 link remote: [AF_INET]75.99.XXX.131:1194
            Jan 27 05:00:03 warehouse1 user.notice root: vpnrouting: clean-up
            Jan 27 05:00:06 warehouse1 daemon.err openvpn[17306]: event_wait : Interrupted system call (code=4)
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: OpenVPN STATISTICS
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: Updated,Fri Jan 27 05:00:06 2017
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: TUN/TAP read bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: TUN/TAP write bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: TCP/UDP read bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: TCP/UDP write bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: Auth read bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: pre-compress bytes,0
            Jan 27 05:00:06 warehouse1 daemon.notice openvpn[17306]: post-compress bytes,0
            Jan 27 05:00:10 warehouse1 daemon.err openvpn[17306]: event_wait : Interrupted system call (code=4)
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: OpenVPN STATISTICS
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: Updated,Fri Jan 27 05:00:10 2017
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: TUN/TAP read bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: TUN/TAP write bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: TCP/UDP read bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: TCP/UDP write bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: Auth read bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: pre-compress bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: post-compress bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: pre-decompress bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: post-decompress bytes,0
            Jan 27 05:00:10 warehouse1 daemon.notice openvpn[17306]: END
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: Peer Connection Initiated with [AF_INET]75.99.XXX.131:1194
            Jan 27 05:00:12 warehouse1 daemon.err openvpn[17306]: event_wait : Interrupted system call (code=4)
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: OpenVPN STATISTICS
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: Updated,Fri Jan 27 05:00:12 2017
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: TUN/TAP read bytes,0
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: TUN/TAP write bytes,0
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: TCP/UDP read bytes,212
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: TCP/UDP write bytes,68
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: Auth read bytes,156
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: pre-compress bytes,0
            Jan 27 05:00:12 warehouse1 daemon.notice openvpn[17306]: post-compress bytes,0
            Jan 27 05:00:13 warehouse1 daemon.notice openvpn[17306]: Initialization Sequence Completed
            Jan 27 05:02:16 warehouse1 daemon.err openvpn[17306]: event_wait : Interrupted system call (code=4)
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: OpenVPN STATISTICS
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: Updated,Fri Jan 27 05:02:16 2017
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: TUN/TAP read bytes,0
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: TUN/TAP write bytes,0
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: TCP/UDP read bytes,552
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: TCP/UDP write bytes,68
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: Auth read bytes,236
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: pre-compress bytes,0
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: post-compress bytes,0
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: post-decompress bytes,0
            Jan 27 05:02:16 warehouse1 daemon.notice openvpn[17306]: END

              yodaphone

              @jimp:

              Can you get any logs out of OpenVPN on Tomato/Shibby?

              From the server side log the client stopped responding, so hopefully its log would have some more detail as to why.

              I tried one more thing. I created a remote access server on pfSense & installed the OpenVPN client on a Windows box behind this Tomato. It was able to connect & communicate.

              So my suspicion is something to do with the config on the tomato side.

              I'm gonna try using the remote access config in remote access mode rather than site-to-site & revert back.

                yodaphone

                I think this boils down to the way OpenVPN is implemented in Tomato.

                If I use a client from behind the Tomato, I'm able to connect. If I use the same parameters, it connects but no traffic flows through. ::) :o :o >:(
