Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with OpenVPN config for a site to site vpn config..

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 381 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • WB3FFVW Offline
      WB3FFV
      last edited by

      I have two Intel servers setup running PFsense 2.4.1.  I have a pile of IPsec VPN's working like a charm on the one server, but I need to create a VPN from a site with a dynamic IP back to the main location, and from what I have read that is not an IPsec option, so looks like OpenVPN client/server will do the job.

      That said, I have tried using the docs in the wiki for a shared key setup, and I am trying to do the following:

      LAN-A (10.3.0.0/16) -PFS_A–  Internet  --PFS_B- LAN-B (10.4.0.0/16)

      PFS_A Config:

      Server Mode:  Peer to Peer (Shared Key)
      Protocol:  UDP on IPv4 Only
      Device Mode:  tun
      Interface:  WAN
      Local Port:  1194

      Shared Key generated!

      Encryption:  AES-256-CBC
      Auth Digest:  SHA512

      IPv4 Tunnel Net:  172.30.1.0/30
      IPv4 Remote Net:  10.4.0.0/16
      Compression:  Adaptive LZO

      On the Client server I have the following.

      Client PFS_B:

      Server Mode:  Peer to Peer (Shared Key)
      Protocol:  UDP on IPv4 Only
      Device Mode:  tun
      Interface:  WAN
      Server Address:  50.225.xx.yy
      Local Port:  1194

      Shared Key copied from Server!

      Encryption:  AES-256-CBC
      Auth Digest:  SHA512

      IPv4 Tunnel Net:  172.30.1.0/30
      IPv4 Remote Net:  10.3.0.0/16
      Compression:  Adaptive LZO

      So one side is pretty much a perfect match with the other, outside of one being server side, and one being client side.  I have even setup on each side systems to keep a ping going each direction.  Still server side all I see is:

      Peer to Peer Server Instance Statistics
      Name Status Connected Since Virtual Address Remote Host Bytes Sent / Received Service
      Server UDP4:1194 0 B / 0 B

      Client side I see:

      OpenVPN Clients
      Protocol Server Description Actions
      UDP4 50.225.xx.yy:1194 VPN Link

      I have also made sure I had firewall rules in allowing the connection to the server on 1194, and I have also added a VPN rule that just permits all traffic inside the VPN.

      I am sure I am probably missing something silly, but hopefully someone here can point me in the right direction to get this all working.

      Thanks...

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.