OpenVPN Site 2 Site connection pfSense v1.0-RC3



  • I cannot get OpenVPN working. Don't know what I'm doing wrong. Please help.
    I have 2 sites. 1 with dynamic IP and 1 with fixed IP. Both pfSense 1.0-RC3 up and running.

    I want to bridge both site networks completely, so all servers on site1 <-> site2 can connect to each other.

    Please help. I've got IPSec working / PPTP working / only OpenVPN I cannot get working and I want to try OpenVPN.

    My setup
    ----------------------

    Site1 (Fixed IP)

    PFSense IP 10.0.0.1 DHCP 10.0.0.50 - 100

    OpenVPN Server

    Tried TCP or UDP protocol
    Dynamic IP is on
    Port 1194
    Address Pool 10.0.10.0/24 (Also tried with 10.0.0.0/24)
    Remote Network 192.168.1.0/24
    Cryptography BG-CBC 128 Bit
    Shared Key: -----BEGIN OpenVPN Static Key V1-----
    secretblabla
    -----END OpenVPN Static key V1-----

    I assigned an interface to tun0

    On the Firewall Rules I opened the 1194 TCP/UDP port
    And I allowed traffic for the tun0 interface to all


    Site2 (Dynamic IP)

    PFSense IP 192.168.1.1 DHCP 192.168.1.100 - 199

    OpenVPN Client

    Tried TCP or UDP protocol
    Server Address is domainname of OpenVPN Server (also tried with IP)
    Port 1194
    Interface IP 192.168.1.0/24
    Remote network 10.0.0.0/24
    Proxy Host blank
    Cryptography BG-CBC 128 Bit
    Shared Key: -----BEGIN OpenVPN Static Key V1-----
    secretblabla
    -----END OpenVPN Static key V1-----

    I assigned an interface to tun0

    On the Firewall Rules I opened the 1194 TCP/UDP port
    And I allowed traffic for the tun0 interface to all


    Oct 3 10:19:48 openvpn[324]: Peer Connection Initiated with 217.136.***.***:1194
    Oct 3 10:19:40 openvpn[324]: UDPv4 link remote: 217.136.***.***:1194
    Oct 3 10:19:40 openvpn[324]: UDPv4 link local (bound): [undef]:1194
    Oct 3 10:19:35 openvpn[315]: /etc/rc.filter_configure tun0 1500 1544 192.168.1.2 192.168.1.1 init
    Oct 3 10:19:35 openvpn[315]: /sbin/ifconfig tun0 192.168.1.2 192.168.1.1 mtu 1500 netmask 255.255.255.255 up
    Oct 3 10:19:35 openvpn[315]: TUN/TAP device /dev/tun0 opened

    Ping or access to services on the other network is not possible.
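An added consistency check for the plan in the post above (example code, not from the thread or from pfSense): it reads the tun0 endpoint pair out of the quoted log lines and flags any tunnel pool or endpoint that falls inside either LAN, since a tunnel address inside a routed LAN (the log shows tun0 getting 192.168.1.2/192.168.1.1, which is inside site2's 192.168.1.0/24) leaves the kernel no distinct route over the tunnel. The subnets and log lines are constructed from the values in the post.

```python
import ipaddress
import re

# Log lines as quoted in the post (constructed sample input, addresses as posted).
SITE2_LOG = [
    "Oct 3 10:19:35 openvpn[315]: /sbin/ifconfig tun0 192.168.1.2 192.168.1.1 mtu 1500 netmask 255.255.255.255 up",
    "Oct 3 10:19:48 openvpn[324]: Peer Connection Initiated with 217.136.***.***:1194",
]

IFCONFIG_RE = re.compile(r"/sbin/ifconfig tun\d+ (\S+) (\S+) mtu")


def tun_endpoints_from_log(lines):
    """Return the (local, remote) tun endpoint pair from an ifconfig line, or None."""
    for line in lines:
        m = IFCONFIG_RE.search(line)
        if m:
            return m.group(1), m.group(2)
    return None


def check_tunnel_plan(local_lan, remote_lan, tunnel_pool, tun_endpoints):
    """List addressing problems in a shared-key site-to-site plan.

    local_lan / remote_lan: LAN subnets on each side of the tunnel.
    tunnel_pool: the address pool the tun endpoints are drawn from.
    tun_endpoints: the two addresses ifconfig puts on tun0.
    """
    local_lan = ipaddress.ip_network(local_lan)
    remote_lan = ipaddress.ip_network(remote_lan)
    tunnel_pool = ipaddress.ip_network(tunnel_pool)
    lans = (("local", local_lan), ("remote", remote_lan))
    problems = []
    if local_lan.overlaps(remote_lan):
        problems.append("local and remote LANs overlap; routes cannot tell them apart")
    for name, lan in lans:
        if tunnel_pool.overlaps(lan):
            problems.append(f"tunnel pool {tunnel_pool} overlaps the {name} LAN {lan}")
    for ep in tun_endpoints:
        ep = ipaddress.ip_address(ep)
        for name, lan in lans:
            if ep in lan:
                problems.append(f"tun0 endpoint {ep} lies inside the {name} LAN {lan}")
    return problems
```

A clean plan (pool 10.0.10.0/24, endpoints inside it) returns an empty list; the pool "also tried" (10.0.0.0/24) and the endpoints from the quoted log both produce findings.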



  • Remove the tunX assignment, it is wrong, the documentation is completely wrong in this regard.



  • Everybody keeps saying not to map the tun0 interface but that seems to be the only way the two pfSense boxes will connect… It is supposed to make an OVPN1 tab for firewall rules but that never appears. Without the tab, you can't make any changes to the firewall for that interface. This seems to keep the two boxes from even connecting with the error...

    openvpn[10409]: TCP: connect to xx.xxx.xxx.xxx:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)

    This is driving me bonkers… When I map the tun0 interface I can access everything perfectly with an OpenVPN software client as well as from the console of the pfSense box. I cannot seem to get pfSense to forward the traffic from my LAN interface over the tunnel without turning on NAT on the tun0 interface. I don't look at this as a good permanent solution since I am running SIP phones and such. I have tried creating manual routes with no luck.

    Any help would be greatly appreciated.



  • Do NOT assign tun interfaces to pfSense interfaces, under ANY circumstance. If you're getting timeouts, you're missing a pass rule on WAN in your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!

