Can't establish OpenVPN site-to-site tunnel
I'm trying to set up a site-to-site OpenVPN tunnel between two sites running PFSense. We've set up CAs at each site, and imported the CA from site 1, which is to be the server side. For some reason, the tunnel won't come up, and I'm not really seeing anything useful in the logs.
As a test, I tried spinning up two VMs in an attempt to replicate it and also to rule out any distance-related issues. Same thing. No tunnel established (I check on the dashboard after enabling the OpenVPN widget), but no real errors.
I've also tried just doing the site as a shared key, but I get the same thing.
Output from pfsense2 (the client side) is below:
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: Client disconnected
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: CMD 'state 1'
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: Client disconnected
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: CMD 'state 1'
Jun 20 00:37:27 openvpn 93230 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 20 00:36:50 openvpn 93230 UDPv4 link remote: [AF_INET]10.0.0.126:1194
Jun 20 00:36:50 openvpn 93230 UDPv4 link local (bound): [AF_INET]10.0.0.104
Jun 20 00:36:50 openvpn 93230 Expected Remote Options hash (VER=V4): '14d315e7'
Jun 20 00:36:50 openvpn 93230 Local Options hash (VER=V4): 'a5d50645'
Jun 20 00:36:50 openvpn 93230 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Jun 20 00:36:50 openvpn 93230 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Jun 20 00:36:50 openvpn 93230 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:143 ET:0 EL:3 AF:3/1 ]
Jun 20 00:36:50 openvpn 93230 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jun 20 00:36:50 openvpn 93230 Control Channel MTU parms [ L:1602 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Jun 20 00:36:50 openvpn 93230 LZO compression initialized
Jun 20 00:36:50 openvpn 93230 Re-using SSL/TLS context
Jun 20 00:36:50 openvpn 93230 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 20 00:36:50 openvpn 93230 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 20 00:36:48 openvpn 93230 Restart pause, 2 second(s)
Jun 20 00:36:48 openvpn 93230 SIGUSR1[soft,ping-restart] received, process restarting
Jun 20 00:36:48 openvpn 93230 TCP/UDP: Closing socket
Jun 20 00:36:48 openvpn 93230 [UNDEF] Inactivity timeout (--ping-restart), restarting
Here's the output from pfsense1 (server side):
Jun 20 00:04:50 openvpn 68135 UDPv4 link remote: [undef]
Jun 20 00:04:50 openvpn 68135 UDPv4 link local (bound): [AF_INET]10.0.0.126:1194
Jun 20 00:04:50 openvpn 68135 /usr/local/sbin/ovpn-linkup ovpns1 1500 1602 10.98.0.1 10.98.0.2 init
Jun 20 00:04:50 openvpn 68135 /sbin/ifconfig ovpns1 10.98.0.1 10.98.0.2 mtu 1500 netmask 255.255.255.255 up
Jun 20 00:04:50 openvpn 68135 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jun 20 00:04:50 openvpn 68135 TUN/TAP device /dev/tun1 opened
Jun 20 00:04:50 openvpn 68135 TUN/TAP device ovpns1 exists previously, keep at program end
Jun 20 00:04:50 openvpn 68135 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Jun 20 00:04:50 openvpn 68135 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 20 00:04:50 openvpn 67831 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
Jun 20 00:04:50 openvpn 67831 OpenVPN 2.3.14 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 3 2017
Jun 20 00:04:50 openvpn 60017 SIGTERM[hard,] received, process exiting
Jun 20 00:04:50 openvpn 60017 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1602 10.98.0.1 10.98.0.2 init
Jun 20 00:04:50 openvpn 60017 event_wait : Interrupted system call (code=4)
Any ideas where I should start troubleshooting?
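One way to start triaging logs like the ones above, as an added example that is not part of the question or of pfSense: a small Python script that parses the quoted client-side lines, diffs the Expected Remote and Local Options strings while ignoring the keydir and tls-server/tls-client asymmetry that is expected between the two ends, and flags the two messages a defender would act on first. The SAMPLE_LOG selection and the advice strings attached to each marker are my own assumptions.

```python
import re

# Constructed sample: four lines copied from the client-side (pfsense2) log quoted above.
SAMPLE_LOG = """\
Jun 20 00:36:50 openvpn 93230 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Jun 20 00:36:50 openvpn 93230 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Jun 20 00:36:50 openvpn 93230 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jun 20 00:36:48 openvpn 93230 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

# Option values that are supposed to differ between the two ends of a tls-auth tunnel:
# the peer's "keydir 0" / "tls-server" mirror the local "keydir 1" / "tls-client".
ROLE_OPTIONS = {"keydir 0", "keydir 1", "tls-server", "tls-client"}

# Log markers worth flagging, each paired with the defender-side action it implies (assumed advice).
FINDINGS = [
    ("No server certificate verification method",
     "client will accept any certificate signed by the CA (MITM risk): "
     "enable remote-cert-tls / verify-x509-name on the client"),
    ("Inactivity timeout (--ping-restart)",
     "nothing was received from the peer within the ping-restart window: "
     "confirm UDP/1194 reaches the server (WAN rule, NAT, listening interface) before touching crypto"),
]

def parse_options(line):
    """Return the option set quoted in an 'Options String' log line, or None for other lines."""
    m = re.search(r"Options String: '([^']*)'", line)
    return set(m.group(1).split(",")) if m else None

def options_mismatch(expected, local):
    """Options present on only one side, ignoring the expected server/client asymmetry."""
    return sorted((expected ^ local) - ROLE_OPTIONS)

def triage(log_text):
    """Scan pfSense OpenVPN log lines; report real option mismatches and flagged messages."""
    expected = local = None
    findings = []
    for line in log_text.splitlines():
        opts = parse_options(line)
        if opts is not None and "Expected Remote" in line:
            expected = opts
        elif opts is not None and "Local Options" in line:
            local = opts
        findings += [advice for marker, advice in FINDINGS if marker in line]
    mismatch = options_mismatch(expected, local) if expected and local else None
    return {"option_mismatch": mismatch, "findings": findings}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

On the quoted log the option sets agree apart from the role asymmetry, so the script reports no mismatch and leaves the two flagged messages as the starting points.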