OpenVPN Site 2 Site connection pfSense v1.0-RC3
-
I cannot get OpenVPN working. Don't know what I'm doing wrong. Please help.
I have 2 sites: 1 with dynamic IP and 1 with fixed IP. Both pfSense 1.0-RC3 up and running. I want to bridge both site networks completely, so all servers on site1 <-> site2 can connect to each other.
Please help. I've got IPsec working and PPTP working; only OpenVPN I cannot get working, and I want to try OpenVPN.
My setup
Site1 (Fixed IP)
PFSense IP 10.0.0.1 DHCP 10.0.0.50 - 100
OpenVPN Server
Tried TCP or UDP protocol
Dynamic IP is on
Port 1194
Address Pool 10.0.10.0/24 (Also tried with 10.0.0.0/24)
Remote Network 192.168.1.0/24
Cryptography BF-CBC 128 Bit
Shared Key: -----BEGIN OpenVPN Static Key V1-----
secretblabla
-----END OpenVPN Static key V1-----
I assigned an interface to tun0
On the Firewall Rules I opened the 1194 TCP/UDP port
And i allowed traffic for the tun0 interface to all
Site2 (Dynamic IP)
PFSense IP 192.168.1.1 DHCP 192.168.1.100 - 199
OpenVPN Client
Tried TCP or UDP protocol
Server Address is domainname of OpenVPN Server (also tried with IP)
Port 1194
Interface IP 192.168.1.0/24
Remote network 10.0.0.0/24
Proxy Host blank
Cryptography BF-CBC 128 Bit
Shared Key: -----BEGIN OpenVPN Static Key V1-----
secretblabla
-----END OpenVPN Static key V1-----
I assigned an interface to tun0
On the Firewall Rules I opened the 1194 TCP/UDP port
And i allowed traffic for the tun0 interface to all
Oct 3 10:19:48 openvpn[324]: Peer Connection Initiated with 217.136..:1194
Oct 3 10:19:40 openvpn[324]: UDPv4 link remote: 217.136..:1194
Oct 3 10:19:40 openvpn[324]: UDPv4 link local (bound): [undef]:1194
Oct 3 10:19:35 openvpn[315]: /etc/rc.filter_configure tun0 1500 1544 192.168.1.2 192.168.1.1 init
Oct 3 10:19:35 openvpn[315]: /sbin/ifconfig tun0 192.168.1.2 192.168.1.1 mtu 1500 netmask 255.255.255.255 up
Oct 3 10:19:35 openvpn[315]: TUN/TAP device /dev/tun0 opened
Ping or access to services on the other network is not possible.
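An added example (not from the thread or from pfSense) that checks a shared-key site-to-site plan the way the post above describes it and renders the matching OpenVPN directives for both ends. The LAN subnets and the 192.168.1.2 -> 192.168.1.1 tunnel pair are taken from the posted setup and log; the 10.0.10.x tunnel pair, the host name and the key file name are assumptions.

```python
import ipaddress

def check_plan(site1_lan, site2_lan, tun_local, tun_remote):
    """Return a list of problems with a shared-key site-to-site plan.

    Both tunnel endpoints must lie outside both LANs: OpenVPN installs a
    host route to the peer endpoint via tun0, so an endpoint taken from a
    LAN subnet makes LAN and tunnel traffic compete for the same prefix.
    """
    lan1 = ipaddress.ip_network(site1_lan, strict=False)
    lan2 = ipaddress.ip_network(site2_lan, strict=False)
    problems = []
    if lan1.overlaps(lan2):
        problems.append(f"LAN subnets {lan1} and {lan2} overlap")
    for name, addr in (("local", tun_local), ("remote", tun_remote)):
        ip = ipaddress.ip_address(addr)
        for lan in (lan1, lan2):
            if ip in lan:
                problems.append(f"tunnel {name} endpoint {ip} is inside LAN {lan}")
    return problems

def render_configs(site1_lan, site2_lan, tun_server, tun_client,
                   server_host, port=1194, proto="udp"):
    """Render OpenVPN static-key directives for both ends as a dict.

    The ifconfig pair is mirrored on the client, and each end gets a
    'route' for the other site's LAN (what the 'Remote Network' field
    in the post expands to). The key file name is an assumption.
    """
    lan1 = ipaddress.ip_network(site1_lan, strict=False)
    lan2 = ipaddress.ip_network(site2_lan, strict=False)
    common = ["dev tun", f"proto {proto}", f"port {port}", "secret secret.key",
              "cipher BF-CBC", "keepalive 10 60", "persist-key", "persist-tun"]
    server = common + [f"ifconfig {tun_server} {tun_client}",
                       f"route {lan2.network_address} {lan2.netmask}"]
    client = common + [f"remote {server_host} {port}",
                       f"ifconfig {tun_client} {tun_server}",
                       f"route {lan1.network_address} {lan1.netmask}"]
    return {"server": "\n".join(server) + "\n",
            "client": "\n".join(client) + "\n"}

if __name__ == "__main__":
    # Constructed from the thread: the client log shows tun0 brought up as
    # 192.168.1.2 -> 192.168.1.1, which is inside site 2's own LAN.
    for problem in check_plan("10.0.0.0/24", "192.168.1.0/24",
                              "192.168.1.2", "192.168.1.1"):
        print("problem:", problem)
    # Assumed dedicated pair from the posted 10.0.10.0/24 address pool.
    print(render_configs("10.0.0.0/24", "192.168.1.0/24", "10.0.10.1",
                         "10.0.10.2", "vpn.example.invalid")["client"])
```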
-
Remove the tunX assignment, it is wrong, the documentation is completely wrong in this regard.
-
Everybody keeps saying not to map the tun0 interface, but that seems to be the only way the two pfSense boxes will connect… It is supposed to make an OVPN1 tab for firewall rules, but that never appears. Without the tab, you can't make any changes to the firewall for that interface. This seems to keep the two boxes from even connecting, with the error...
openvpn[10409]: TCP: connect to xx.xxx.xxx.xxx:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
This is driving me bonkers… When I map the tun0 interface I can access everything perfectly with an OpenVPN software client as well as from the console of the pfSense box. I cannot seem to get pfSense to forward the traffic from my LAN interface over the tunnel without turning on NAT on the tun0 interface. I don't look at this as a good permanent solution since I am running SIP phones and such. I have tried creating manual routes with no luck.
Any help would be greatly appreciated.
-
Do NOT assign tun interfaces to pfSense interfaces, under ANY circumstance. If you're getting timeouts, you're missing a pass rule on WAN in your firewall rules or something like that. Again, I can't stress enough, DO NOT ASSIGN TUN INTERFACES!