Netgate Discussion Forum
    OpenVPN site-to-site not working after configuration restore

      xuti

      Hi all,

      I have a lab with a pfSense 2.4.0 in a VM in VMware. It is working OK. I am using two site-to-site VPNs with OpenVPN; the lab side is the "server" and the two remote sites are the "clients". Both are working OK.

      Now I need to migrate the lab pfSense to another environment. I've installed a fresh, clean pfSense 2.4.0 and, after a basic config, I've restored the configuration of the working pfSense. Everything is restored: firewall rules, NAT, HAProxy, OpenVPN, etc. But one of the two VPNs is not working. Both are configured the same way; one is working, the other isn't.

      I am using a shared passphrase for both; no certificate is involved. I don't understand why one is working and the other is not.

      Any suggestion? Thanks a lot!

        Rico LAYER 8 Rebel Alliance

        Settings? Logfiles?

        -Rico

          calvinsteel Banned

          Check your settings, or it might be that you didn't configure it properly.

            xuti

            These are the logs on the lab side, where the pfSense has been migrated:

            Mar 24 16:54:30 openvpn 11712 UDPv4 link remote: [AF_UNSPEC]
            Mar 24 16:54:30 openvpn 11712 UDPv4 link local (bound): [AF_INET]192.168.0.66:1196
            Mar 24 16:54:30 openvpn 11712 /usr/local/sbin/ovpn-linkup ovpns3 1500 1560 192.168.170.1 192.168.170.2 init
            Mar 24 16:54:30 openvpn 11712 /sbin/ifconfig ovpns3 192.168.170.1 192.168.170.2 mtu 1500 netmask 255.255.255.255 up
            Mar 24 16:54:30 openvpn 11712 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
            Mar 24 16:54:30 openvpn 11712 ioctl(TUNSIFMODE): Device busy (errno=16)
            Mar 24 16:54:30 openvpn 11712 TUN/TAP device /dev/tun3 opened
            Mar 24 16:54:30 openvpn 11712 TUN/TAP device ovpns3 exists previously, keep at program end
            Mar 24 16:54:30 openvpn 11712 GDG: problem writing to routing socket
            Mar 24 16:54:30 openvpn 11712 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

            And these are the logs on the client side, the pfSense that has not been touched ("client"):

            Mar 24 15:57:52 openvpn 11694 UDPv4 link remote: [AF_INET]81.184.114.108:1196
            Mar 24 15:57:52 openvpn 11694 UDPv4 link local (bound): [AF_INET]163.172.30.171:1196
            Mar 24 15:57:52 openvpn 11694 Preserving previous TUN/TAP instance: ovpnc1
            Mar 24 15:57:52 openvpn 11694 Re-using pre-shared static key
            Mar 24 15:57:52 openvpn 11694 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Mar 24 15:57:50 openvpn 11694 SIGUSR1[soft,ping-restart] received, process restarting
            Mar 24 15:57:50 openvpn 11694 Inactivity timeout (--ping-restart), restarting

            This is the network configuration of the interfaces. ABCloud01 is the failing one.

            [Attached image: 563a4050-e9bb-455b-bd40-c86dd253ed71-image.png]

            Thanks
