Site to Site OpenVPN



  • I'm looking to establish a site to site VPN tunnel via OpenVPN.  Each site is running pfSense at the LAN edge, both sites use DSL (PPPoE) with dynamic IPs and DynDNS.

    Before I ask any questions, is there documentation/FAQ/wiki anywhere that bluntly explains how to do this with pfsense?
    I've searched around and haven't found anything totally meaningful.  Thanks.

    Also, if it's simpler to create a tunnel using other means (IPsec, PPTP), please lead me in the right direction.  Thanks.



  • Yes, someone even outlined all the commands to run in this forum.

    Search.



  • Honestly, I'm a hardcore GUI user, I couldn't use the Unix/BSD command line if my life depended on it.  Aside from cd and ls commands I'm pretty useless.

    The front end for pfSense has been great so far, I'm just sort of lost with the OpenVPN settings and creating keys.  I did find the thread on creating keys, but it still makes no sense to me.  Any chance of having a key creation tool like the one currently used to create SSL certificates/keys?



  • http://forum.pfsense.org/index.php?topic=1332.0

    It's just a matter of following those commands, really. If you still can't get it going, http://www.pfsense.com/index.php?id=36 has an IPsec tutorial. And try to improve your searching skills.

    I started developing a key manager for pfSense, so, when time allows, there'll be a way to manage OpenVPN static keys (or maybe even a full PKI) from the GUI.



  • Ok, I got it working using a shared key, thanks.



  • Ok, it was working yesterday, but the wireless stopped working.  I rebooted the local pfSense box and now the wireless works, and the VPN tunnel comes up.  The problem is that the local pfSense box blocks everything coming in on the tun0 interface.  If I ping the remote pfSense box, the reply gets blocked here according to the firewall logs.  There is no blocking happening at the remote pfSense box.

    It's weird because it was working great yesterday, until I hopped on my laptop and realized the wireless no longer worked (it authenticated and received an IP, but no communication past the firewall was happening).



  • Is it possible to add a tunX interface to the firewall (or is this not necessary)?  Is it also possible to add a static route for the OpenVPN interface?



  • @tunge2:

    Is it possible to add a tunX interface to the firewall (or is this not necessary)?  Is it also possible to add a static route for the OpenVPN interface?

    Routes are automatically added for whatever network you specify in the Remote Network field at either end as soon as the tunnel becomes active.  If you have more than one internal network on the local end, then you can assign static routes at the remote end, and vice versa.

    I haven't tried working with the summarization of networks, for example using a static route for 192.168.0.0/22 for subnets 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24.
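The summarization question in the post above can be checked before touching the firewall. The following is an added example, not code from the thread or from pfSense: it takes a list of remote /24s, computes the smallest single prefix that covers them, reports any address space the summary would pull into the tunnel that is not actually a remote network, checks the summary against the local LAN so it cannot swallow local traffic, and emits the equivalent OpenVPN `route` directives (the config-file form of what the pfSense GUI calls the Remote Network field). The subnets and the local LAN are constructed sample input, not addresses from the thread beyond the four /24s the poster listed.

```python
import ipaddress

# Constructed sample input: the four /24s from the post, plus a local LAN
# chosen here so the overlap check has something realistic to compare against.
REMOTE_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24",
                  "192.168.2.0/24", "192.168.3.0/24"]
LOCAL_SUBNETS = ["192.168.10.0/24"]


def _net(x):
    """Accept either an ip_network object or a 'a.b.c.d/n' string."""
    return x if isinstance(x, ipaddress._BaseNetwork) else ipaddress.ip_network(x)


def summarize(subnets):
    """Smallest single prefix containing every subnet in the list.

    Starts at the first subnet and widens it one bit at a time until all the
    others fit inside. The result may contain space that was not in the input;
    uncovered_space() reports that.
    """
    nets = [_net(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def uncovered_space(summary, subnets):
    """Blocks inside summary that are not among the listed subnets.

    Traffic to these would be sent down the tunnel even though no remote
    network lives there. An empty list means the summary is exact.
    """
    summary = _net(summary)
    leftover = [summary]
    for n in map(_net, subnets):
        new = []
        for block in leftover:
            if n.subnet_of(block):
                # carve n out of block; yields nothing when n == block
                new.extend(block.address_exclude(n))
            elif block.subnet_of(n):
                pass  # block already fully inside a listed subnet; drop it
            else:
                new.append(block)
        leftover = new
    return sorted(leftover)


def overlaps(summary, local_subnets):
    """Local subnets that the summary route would also capture.

    Any hit here means the summary must not be used as the Remote Network:
    it would push traffic for that local LAN into the tunnel.
    """
    summary = _net(summary)
    return [n for n in map(_net, local_subnets) if n.overlaps(summary)]


def openvpn_route_lines(subnets):
    """OpenVPN 'route <network> <netmask>' directives, one per subnet."""
    return ["route %s %s" % (n.network_address, n.netmask)
            for n in map(_net, subnets)]


if __name__ == "__main__":
    s = summarize(REMOTE_SUBNETS)
    print("summary route:", s)
    print("space routed for nothing:", uncovered_space(s, REMOTE_SUBNETS))
    print("overlaps local LAN:", overlaps(s, LOCAL_SUBNETS))
    for line in openvpn_route_lines([s]):
        print(line)
    # With only three of the four /24s the summary is still the /22, but now
    # 192.168.3.0/24 is routed into the tunnel with nothing behind it.
    three = REMOTE_SUBNETS[:3]
    print("three-subnet case leaves:", uncovered_space(summarize(three), three))
```

When the uncovered list is empty and the overlap list is empty, the single summary route is a drop-in replacement for the four per-subnet routes; if either list is non-empty, keep the individual `route` lines (or the individual Remote Network entries) instead.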

