    Site-to-site openvpn errors, possible via client/server mode?

    2.0-RC Snapshot Feedback and Problems - RETIRED
      mxx last edited by

      Hi,

      My pfsense box at home now connects to a remote pfsense configured as peer to peer (unchecked client-to-client as suggested in the thread by SpaceBass, thank you!).
      I wanted to achieve that a server in a different subnet in my home network would be reachable by any host in the remote network.

      It didn't work in client/server mode though (not even to ping my pfsense box from the remote pfsense itself), which it did when doing that manually before (connecting via openvpn in client mode to an openvpn running in server mode in the remote network, iroute etc.).
      Why is that?

      Another question: though it does work now, I get these warnings and errors in the OpenVPN log on my side:

      Code:

      Jul 2 13:08:16 openvpn[21533]: Initialization Sequence Completed
      Jul 2 13:08:16 openvpn[21533]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
      Jul 2 13:08:16 openvpn[21533]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.0.10.2 10.0.10.1 init
      Jul 2 13:08:16 openvpn[21533]: /sbin/ifconfig ovpnc1 10.0.10.2 10.0.10.1 mtu 1500 netmask 255.255.255.255 up
      Jul 2 13:08:16 openvpn[21533]: do_ifconfig, tt->ipv6=0
      Jul 2 13:08:16 openvpn[21533]: TUN/TAP device /dev/tun1 opened
      Jul 2 13:08:14 openvpn[21533]: [pfsense.dap1.example.com] Peer Connection Initiated with [AF_INET] <remotewanip>:12002
      Jul 2 13:08:14 openvpn[21533]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.0.10.2 10.0.10.1'

      Especially regarding the last entry (actually the first, as it's reversed).
      Does anyone know what that's about? Ifconfig is missing in local config? I explicitly specified the tunnel network on my client (=local config I suppose?), but the log entry is telling me that I didn't? Am I misinterpreting this message?
      This warning is repeated in intervals in the openvpn log.

      I'm wondering why I didn't get this setup to work using client/server though:

      It only worked in one direction. My pfsense box could ping any host in the remote network, but the remote network, even the remote pfsense itself, was unable to even ping my box at all (although I set up rules in my client and remote box to allow all openvpn traffic from any source to any).
      I checked the routing table and I saw routes set up on the remote pfsense to my openvpn ip. But again.. it didn't work till I configured the server and "client" in a peer-to-peer mode.

      I'm also curious as to how I should set all that up in order to also be able to reach other OpenVPN clients. Would I need a separate tunnel configured client <-> server with "client-to-client" then? Or is this all possible with only one tunnel?

      Thanks a lot for any help!

      Max
