Netgate Discussion Forum

    OpenVPN Site 2 Site connection pfSense v1.0-RC3

      pisang98

      I cannot get OpenVPN working. Don't know what I'm doing wrong. Please help.
      I have 2 sites: 1 with dynamic IP and 1 with fixed IP. Both pfSense 1.0-RC3, up and running.

      I want to bridge both site networks completely, so all servers on site1 <-> site2 can connect to each other.

      Please help. I've got IPsec working / PPTP working / only OpenVPN I cannot get working, and I want to try OpenVPN.

      My setup
      ----------------------

      Site1 (Fixed IP)

      PFSense IP 10.0.0.1 DHCP 10.0.0.50 - 100

      OpenVPN Server

      Tried TCP or UDP protocol
      Dynamic IP is on
      Port 1194
      Address Pool 10.0.10.0/24 (Also tried with 10.0.0.0/24)
      Remote Network 192.168.1.0./24
      Cryptography BF-CBC 128 Bit
      Shared Key: -----BEGIN OpenVPN Static Key V1-----
      secretblabla
      -----END OpenVPN Static key V1-----

      I assigned an interface to tun0

      On the Firewall Rules I opened 1194 TCP/UDP port
      And I allowed traffic for the tun0 interface to all


      Site2 (Dynamic IP)

      PFSense IP 192.168.1.1 DHCP 192.168.1.100 - 199

      OpenVPN Client

      Tried TCP or UDP protocol
      Server Address is domainname of OpenVPN Server (also tried with IP)
      Port 1194
      Interface IP 192.168.1.0/24
      Remote network 10.0.0.0/24
      Proxy Host blank
      Cryptography BF-CBC 128 Bit
      Shared Key: -----BEGIN OpenVPN Static Key V1-----
      secretblabla
      -----END OpenVPN Static key V1-----

      I assigned an interface to tun0

      On the Firewall Rules I opened 1194 TCP/UDP port
      And I allowed traffic for the tun0 interface to all


      Oct 3 10:19:48 openvpn[324]: Peer Connection Initiated with 217.136..:1194
      Oct 3 10:19:40 openvpn[324]: UDPv4 link remote: 217.136..:1194
      Oct 3 10:19:40 openvpn[324]: UDPv4 link local (bound): [undef]:1194
      Oct 3 10:19:35 openvpn[315]: /etc/rc.filter_configure tun0 1500 1544 192.168.1.2 192.168.1.1 init
      Oct 3 10:19:35 openvpn[315]: /sbin/ifconfig tun0 192.168.1.2 192.168.1.1 mtu 1500 netmask 255.255.255.255 up
      Oct 3 10:19:35 openvpn[315]: TUN/TAP device /dev/tun0 opened

      Ping or access to services on the other network is not possible.

        sullrich

        Remove the tunX assignment; it is wrong. The documentation is completely wrong in this regard.

          dvmoser

          Everybody keeps saying not to map the tun0 interface, but that seems to be the only way the two pfSense boxes will connect… It is supposed to make an OVPN1 tab for firewall rules, but that never appears. Without the tab, you can't make any changes to the firewall for that interface. This seems to keep the two boxes from even connecting, with the error...

          openvpn[10409]: TCP: connect to xx.xxx.xxx.xxx:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)

          This is driving me bonkers… When I map the tun0 interface I can access everything perfectly with an OpenVPN software client as well as from the console of the pfSense box. I cannot seem to get pfSense to forward the traffic from my LAN interface over the tunnel without turning on NAT on the tun0 interface. I don't look at this as a good permanent solution since I am running SIP phones and such. I have tried creating manual routes with no luck.

          Any help would be greatly appreciated.

            fernandotcl

            Do NOT assign tun interfaces to pfSense interfaces, under ANY circumstance. If you're getting timeouts, you're missing a pass rule on WAN on your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.