A simple VPN



  • We currently have 2 buildings that have a VPN connection between them using Netgear boxes.

    I want to set up a 2nd VPN which could be used in the event our Netgear VPN fails. The only data passing between the two buildings is time clock data from the remote site to our main office.

    Each site (main/remote) has a pfSense box in it.
    Remote site: public 96.x.x.x, private 10.4.0.0
    Local site: public 75.x.x.x, private 10.2.0.0

    I can create the OpenVPN tunnel using a shared key and a virtual tunnel address, i.e. 172.1.1.x, but I can't ping either box from either site... Both sites show gateways up and the tunnel up, but for whatever reason I can't ping either site from the other with regard to private addresses and/or the virtual address that the VPN has.

    I'm guessing it "could" be a firewall setting, but for the life of me I can't see it if it's there. Any suggestions?

    TIA



  • You didn't say whether or not you added the necessary firewall rules to the OpenVPN interface. Also, what clients are you trying to ping? Windows won't respond to unsolicited traffic from outside its subnet, for instance.



  • Thanks for the quick reply. Yeah, I've implemented firewall rules at each site, both on the WAN interface and the OpenVPN interface. Port 1194.

    Let me ask you this. With our Netgear IPsec tunnel I can ping clients from either building.

    Is a shared key type of VPN different with regard to Windows machines pinging clients over a VPN?

    BTW, I'm trying to ping either pfSense box and/or any clients on either network. I can't even ping 172.1.1.1 or 172.1.1.2, which are the virtual IP addresses for the tunnel.



  • I wouldn't think so but I'm not an OpenVPN expert. I have it working here in the office, and on my personal VPS. I used my usual 'Brute Force & Ignorance' method of getting it all working. You might have to screencap & post your complete config to get any help.



  • Currently using IPsec but going to OpenVPN, correct?
    This may help...
    https://www.netgate.com/docs/pfsense/book/openvpn/site-to-site-example-configuration-shared-key.html
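    A plain-text OpenVPN static-key pair laid out for the two sites in this thread (tunnel 172.1.1.1/172.1.1.2, LANs 10.2.0.0 and 10.4.0.0), as an added example that is not the pfSense GUI settings or the Netgate doc's own config; the /16 masks, the key path, the cipher choice and the placeholder public address are assumptions, since the thread gives none of them.

```openvpn
# main-office.conf  (pfSense at the local site, public 75.x.x.x, LAN 10.2.0.0)
# Added example: listener side of a shared-key site-to-site tunnel.
# Assumption: /16 LAN masks; the thread does not state the masks.
dev tun
proto udp
port 1194                            # must be passed inbound on the WAN rules
ifconfig 172.1.1.1 172.1.1.2         # local tunnel IP, peer tunnel IP (from the thread)
secret /usr/local/etc/openvpn/static.key   # identical file on both ends (path assumed)
route 10.4.0.0 255.255.0.0           # remote-site LAN goes into the tunnel
cipher AES-256-CBC                   # static-key mode cannot use AEAD (GCM) ciphers
auth SHA256
keepalive 10 60
persist-key
persist-tun

# remote-site.conf  (pfSense at the remote site, public 96.x.x.x, LAN 10.4.0.0)
# Initiating side; only the peer address, tunnel IPs and route differ.
dev tun
proto udp
remote 75.0.0.1 1194                 # PLACEHOLDER for the main-office public IP (75.x.x.x)
nobind
ifconfig 172.1.1.2 172.1.1.1         # mirrored: local tunnel IP first, then peer
secret /usr/local/etc/openvpn/static.key
route 10.2.0.0 255.255.0.0           # main-office LAN goes into the tunnel
cipher AES-256-CBC
auth SHA256
keepalive 10 60
persist-key
persist-tun
# Routes alone do not pass packets on pfSense: each box also needs pass rules on
# its OpenVPN interface for the peer LAN, as the second reply in the thread notes.
```

    Generate the key once with `openvpn --genkey secret static.key` (older releases: `openvpn --genkey --secret static.key`) and copy the same file to both boxes.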



  • @pfsensetest No, not really.

    IPsec is what we currently have in place via Netgear boxes. So, let's say one of my Netgear boxes pukes. I would unplug the other one on the other side and just use my pfSense boxes with OpenVPN so the two buildings would see each other.

    It's purely a failover measure at this point. I'll print your link out and read it.

    Thanks



  • Netgate pfSense VPN YouTube videos

    Intro to VPN and IPsec on pfSense
    https://www.youtube.com/watch?v=FHklKdUheSY

    Site to Site VPNs
    https://www.youtube.com/watch?v=fy95UPJxLqA

    Advanced OpenVPN Concepts on pfSense (2014)
    https://www.youtube.com/watch?v=PtZxuC9IyTg

    Advanced OpenVPN Concepts on pfSense 2.4
    https://www.youtube.com/watch?v=ku-fNfJJV7w



  • Well, I have connectivity between the two buildings. I found a 2-page instruction on the web that really helped. Also, what made me think I wasn't seeing the buildings was the fact I couldn't ping either pfSense box. BUT, when I tried to ping devices such as my time clock in the remote building, I found out that I could. I can also go to the remote site and ping my servers in my building...

    I'll shut the remote site down until it's needed, in the event my Netgear boxes puke on me.

    Thanks for the guidance and help.