No traffic over p2p shared key tunnel after upgrade to 2.3.4 (coming from 2.2.5)
We finally upgraded to 2.3.x of pfsense and coming from 2.2.5.
Now i have the problem that i the VPN p2p tunnel we had is not working anymore.
When i look at routing (which was opposed in the other forum) this looks ok to me but i cannot even ping the tunnel ip's on both sides.
On the server side i have the following:
Tunnel network ip is 10.0.9.1
Local network is 10.1.12.0/24
default 192.168.178.1 UGS 40676 1500 fxp0
10.0.9.1 link#11 UHS 0 16384 lo0
10.0.9.2 link#11 UH 656 1500 ovpns4
127.0.0.1 link#8 UH 7122 16384 lo0
192.168.0.0/24 10.0.9.2 UGS 1592 1500 ovpns4
192.168.100.0/24 10.0.9.2 UGS 250 1500 ovpns4
On the client side i have the following:
Tunnel network IP is 10.0.9.2
Local network is 192.168.0.0/24 and 192.168.100.0/24
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 enp5s0
10.0.9.1 0.0.0.0 255.255.255.255 UH 0 0 0 ovpnc2
10.1.12.0 10.0.9.1 255.255.255.0 UG 0 0 0 ovpnc2
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp4s1
The VPN tunnel connection is ok.
And firewall let's everything through to these networks.
But when i try to ping on the firewall to 10.0.9.2 i get 100% packet loss
The same on the client for pinging 10.0.9.1.
If i ping the machine it's own tunnel ip it works.
Weird thing is though when looking in the states table i see sometimes states between the two networks.
Config server side:
Server mode: Peer to Peer (Shared key)
Protocol : UDP
Device mode: tun
interface : <our external="" ip="">local port: 1197
Shared Key: <key>Encryption Algorythm : AES-256-CBC (256 bit key, 128 bit bloc)
Auth digest alogithm: SHA1 (160-bit)
Hardware crypto: No hardware….
IPv4 Tunnel network: 10.0.9.0/24
IPv4 Remote networks: 192.168.0.0/24,192.168.100.0/24
Compression : No preference
Type of service: not checked
Duplicate connection: not checked
Disable IPv6: checked
Custom Options: empty
config client side
keepalive 10 60
#management /var/etc/openvpn/client2.sock unix
remote <our external="" ip="">#remote lin.nagios.ca.clicks2customers.com
ifconfig 10.0.9.2 10.0.9.1
route 10.1.12.0 255.255.255.0
Ok I can shoot myself.
Found the problem after lots of side testing and not working.
The other side needed a fresh start of the openVPN client :o ::).
Got a bit sidetracked by the fact it connects automatically and tunnel seemed to be functional (without traffic).
I logged on to my pfSense today and was pretty horrified to see a 502 error page. I didn't want to reboot until I understood the cause. I did have the OpenVPN Widget and IPSec VPN Widget running on the homepage of pfSense. I also changed my firewall logs to show 20 results, show FAIL & REJECT, and refresh every 1 second. Perhaps this was a bit too aggressive. My OpenVPN clients couldn't connect via OpenVPN but IPSec VPN was able to still connect.
As advised earlier, restarting PHP-FPM using the numerical menu options in the pfSense console allowed the OpenVPN tunnels to connect again, and removed the 502 error.
Hope this helps.