Site-to-Site Network Not connecting



  • Hello, everyone. I have basically been searching for a solution to this problem and couldn't find anything definitive.

    What I want to do:

    Connect 2 offices via site-to-site OpenVPN. The users from office 2 should be able to connect to the fileserver and see clients on office 1 (SERVER). I used the pfSense book and followed most of what I read in the book.

    Current Situation:

    Office A: 10.1.1.0/24 (SERVER)
    VPN Range: 172.31.55.0/30
    Connection Type: PPPoe
    3 VIPs (Proxy Arp) (Firewall is set to use one, VPN another)

    Advanced Outgoing NAT:
    WAN  172.31.55.0/30 * * * * *
    WAN  10.1.1.0/24    * * * * 61.X.X.X (Public IP of firewall)

    openvpn[401]: UDPv4 link remote: [undef]
    Jul 12 00:17:23	openvpn[401]: UDPv4 link local (bound): [undef]:21194
    Jul 12 00:17:22	openvpn[401]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
    Jul 12 00:17:22	openvpn[401]: /sbin/ifconfig tun0 172.31.55.1 172.31.55.2 mtu 1500 netmask 255.255.255.255 up
    Jul 12 00:17:22	openvpn[401]: TUN/TAP device /dev/tun0 opened
    Jul 12 00:17:22	openvpn[401]: OFFICE2 202.X.X.X
    Jul 12 00:17:22	openvpn[401]: LZO compression initialized
    Jul 12 00:17:22	openvpn[401]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
    Jul 12 00:17:20	openvpn[401]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009
    Jul 12 00:17:20	openvpn[401]: SIGHUP[hard,] received, process restarting
    Jul 12 00:17:20	openvpn[401]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
    Jul 12 00:17:20	openvpn[401]: event_wait : Interrupted system call (code=4)
    Jul 12 00:16:57	openvpn[401]: UDPv4 link remote: [undef]
    Jul 12 00:16:57	openvpn[401]: UDPv4 link local (bound): [undef]:21194
    Jul 12 00:16:56	openvpn[392]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
    Jul 12 00:16:56	openvpn[392]: /sbin/ifconfig tun0 172.31.55.1 172.31.55.2 mtu 1500 netmask 255.255.255.255 up
    Jul 12 00:16:56	openvpn[392]: TUN/TAP device /dev/tun0 opened
    Jul 12 00:16:56	openvpn[392]: OFFICE2 202.X.X.X
    Jul 12 00:16:56	openvpn[392]: LZO compression initialized
    Jul 12 00:16:56	openvpn[392]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
    Jul 12 00:16:56	openvpn[392]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009
    

    ------------------------------------
    Office B: 10.1.2.0/24 (CLIENT)
    Connection Type: PPPoe
    VPN Range: 172.31.55.0/30
    1 VIP (Proxy Arp)

    Jul 12 00:20:04	openvpn[383]: SIGUSR1[soft,ping-restart] received, process restarting
    Jul 12 00:20:04	openvpn[383]: Inactivity timeout (--ping-restart), restarting
    Jul 12 00:18:04	openvpn[383]: UDPv4 link remote: 61.X.X.X:21194 (OFFICE1 SERVER)
    Jul 12 00:18:04	openvpn[383]: UDPv4 link local (bound): [undef]:1194
    Jul 12 00:18:04	openvpn[383]: Preserving previous TUN/TAP instance: tun0
    Jul 12 00:18:04	openvpn[383]: LZO compression initialized
    Jul 12 00:18:04	openvpn[383]: Re-using pre-shared static key
    Jul 12 00:18:02	openvpn[383]: SIGUSR1[soft,ping-restart] received, process restarting
    Jul 12 00:18:02	openvpn[383]: Inactivity timeout (--ping-restart), restarting
    

    I'm not sure if I'm missing something, or if there is a part of my setup that is wrong. All of the firewall rules have been set up and double-checked. Any attempts to ping across the VPN fail. I would be grateful for any help that could be provided to point me in the right direction. Thanks in advance for your time and please let me know if I neglected to post some pertinent info.
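
Added example (not code from the thread or from pfSense): a Python triage of the two OpenVPN logs posted above, run on lines copied from them. The function name `triage` and its result keys are hypothetical, and it assumes that OpenVPN's "Peer Connection Initiated" message is what marks a peer that has actually been heard from.

```python
import re
from datetime import datetime

# Lines copied from the two logs in the post (syslog format, newest first).
SAMPLE = "\n".join([
    "Jul 12 00:20:04\topenvpn[383]: SIGUSR1[soft,ping-restart] received, process restarting",
    "Jul 12 00:20:04\topenvpn[383]: Inactivity timeout (--ping-restart), restarting",
    "Jul 12 00:18:04\topenvpn[383]: UDPv4 link remote: 61.X.X.X:21194 (OFFICE1 SERVER)",
    "Jul 12 00:18:04\topenvpn[383]: Re-using pre-shared static key",
    "Jul 12 00:18:02\topenvpn[383]: Inactivity timeout (--ping-restart), restarting",
    "Jul 12 00:16:56\topenvpn[392]: WARNING: file '/var/etc/openvpn_server0.secret' "
    "is group or others accessible",
])

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+openvpn\[(\d+)\]:\s+(.*)$")
KEYWARN = re.compile(r"WARNING: file '([^']+)' is group or others accessible")

def triage(log_text):
    """Summarise tunnel health from OpenVPN syslog lines (hypothetical helper)."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. a line whose timestamp was lost in the paste
        # Syslog stamps carry no year; 2000 is a placeholder so parsing is unambiguous.
        stamp = "2000 " + " ".join(m.group(1).split())
        events.append((datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m.group(3)))
    events.sort(key=lambda e: e[0])  # oldest first, whatever the paste order

    restarts = [ts for ts, msg in events if "Inactivity timeout (--ping-restart)" in msg]
    gaps = [int((b - a).total_seconds()) for a, b in zip(restarts, restarts[1:])]
    warned = {m.group(1) for _, msg in events for m in [KEYWARN.search(msg)] if m}
    return {
        # Assumption: this message appears once a packet from the peer is accepted.
        "peer_seen": any("Peer Connection Initiated" in msg for _, msg in events),
        "ping_restarts": len(restarts),
        "restart_gaps_s": gaps,
        # Static key files that OpenVPN flagged as readable beyond their owner.
        "loose_key_files": sorted(warned),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On these lines it reports no peer contact, ping-restarts 122 seconds apart, and the static key file that OpenVPN flagged as group- or world-accessible.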



  • ExpJ,

    I also have the exact same issue. Site-to-Site followed exactly what the book said. In the book for the client configuration, the "Interface IP" is not specified but it is required in pf1.2.3. How did you get past that?

    Did you figure out how to get your site-to-site to work? Any help will be greatly appreciated.

    Thank you!


  • Rebel Alliance Developer Netgate

    @dolbie2:

    Site-to-Site followed exactly what the book said. In the book for the client configuration, the "Interface IP" is not specified but it is required in pf1.2.3. How did you get past that?

    There was an issue in the book, you might need to read errata #2 here:
    http://www.reedmedia.net/books/pfsense/errata.html

