Site-to-Site OpenVPN problem on 2.7.0
-
@michaelschefczyk I had the same issue after upgrading 2.6.0 to 2.7.0, then I rebuilt the 2.7.0 from scratch,
configured the VPN as SSL/TLS with no hope of making it work, so I configured it again as Shared Key and it worked.
Then I started to add one by one all the other stuff that I had on the firewall, and when I added
the OpenVPN Server (as sometimes I have to connect to the office from home) the site-to-site VPN stopped working.
It's clearly a routing problem, because if I disable the OpenVPN Server and I disconnect and reconnect the VPN client,
routing starts working again.
Moreover, if I enable the VPN Server and I connect to it, I can access the remote server LAN while the
local LAN stops working :-)
The subnets are correct and the configuration worked smoothly for several years.
Kind Regards
Marco -
@michaelschefczyk I started from zero, added everything from zero, as it was a branch office firewall with just 2 users and this configuration:
OpenVPN Access Server (for when I need to access my other servers and I'm not in the office or at home, as I limit my firewall/servers and my customers' ones only to my own IPs)
One OpenVPN Server Site-To-Site Shared Key where one pfSense in the cloud was connecting (stopped working)
One OpenVPN Client to the main site with pfSense with shared key, which stopped working. So I started from zero.
I added just the OpenVPN Client as SSL/TLS and in NO WAY could I make it work, and the certificates are OK; if from the firewall I ping the other side it's working,
it just does not route from LAN through the VPN.
I disabled it and I configured the Client as Shared Key and BUM IT WAS WORKING.
So I started to add users, NAT rules and lalalalal.
It was working...
Then I added the first Server (Remote Access) and... it stopped working...
If I disable the Remote Access server and I restart the client connection, it works again.
It's evidently a routing problem, and the subnets are all UNCOMMON and all DIFFERENT, as they have always been.
I don't know what they messed up, but surely the fact that SSL/TLS site-to-site is broken is something abnormal;
moreover they say that SHARED KEY IS DEPRECATED and we should implement SSL/TLS,
and they break the new one...
Moreover, to whom can we ask?
No one knows...