Site-to-Site Network Not connecting
-
Hello, everyone. I have basically been searching for a solution to this problem and couldn't find anything definitive.
What I want to do:
Connect 2 offices via site-to-site OpenVPN. The users from office 2 should be able to connect to the fileserver and see clients on office 1 (SERVER). I used the pfSense book and followed most of what I read in the book.
Current Situation:
Office A: 10.1.1.0/24 (SERVER)
VPN Range: 172.31.55.0/30
Connection Type: PPPoE
3 VIPs (Proxy Arp) (Firewall is set to use one, VPN another)
Advanced Outgoing NAT:
WAN 172.31.55.0/30 * * * * *
WAN 10.1.1.0/24 * * * * 61.X.X.X (Public IP of firewall)
openvpn[401]: UDPv4 link remote: [undef]
Jul 12 00:17:23 openvpn[401]: UDPv4 link local (bound): [undef]:21194
Jul 12 00:17:22 openvpn[401]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
Jul 12 00:17:22 openvpn[401]: /sbin/ifconfig tun0 172.31.55.1 172.31.55.2 mtu 1500 netmask 255.255.255.255 up
Jul 12 00:17:22 openvpn[401]: TUN/TAP device /dev/tun0 opened
Jul 12 00:17:22 openvpn[401]: OFFICE2 202.X.X.X
Jul 12 00:17:22 openvpn[401]: LZO compression initialized
Jul 12 00:17:22 openvpn[401]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Jul 12 00:17:20 openvpn[401]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009
Jul 12 00:17:20 openvpn[401]: SIGHUP[hard,] received, process restarting
Jul 12 00:17:20 openvpn[401]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
Jul 12 00:17:20 openvpn[401]: event_wait : Interrupted system call (code=4)
Jul 12 00:16:57 openvpn[401]: UDPv4 link remote: [undef]
Jul 12 00:16:57 openvpn[401]: UDPv4 link local (bound): [undef]:21194
Jul 12 00:16:56 openvpn[392]: /etc/rc.filter_configure tun0 1500 1561 172.31.55.1 172.31.55.2 init
Jul 12 00:16:56 openvpn[392]: /sbin/ifconfig tun0 172.31.55.1 172.31.55.2 mtu 1500 netmask 255.255.255.255 up
Jul 12 00:16:56 openvpn[392]: TUN/TAP device /dev/tun0 opened
Jul 12 00:16:56 openvpn[392]: OFFICE2 202.X.X.X
Jul 12 00:16:56 openvpn[392]: LZO compression initialized
Jul 12 00:16:56 openvpn[392]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Jul 12 00:16:56 openvpn[392]: OpenVPN 2.0.6 i386-portbld-freebsd7.2 [SSL] [LZO] built on Dec 4 2009
------------------------------------
Office B: 10.1.2.0/24 (CLIENT)
Connection Type: PPPoE
VPN Range: 172.31.55.0/30
1 VIP (Proxy Arp)
Jul 12 00:20:04 openvpn[383]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 12 00:20:04 openvpn[383]: Inactivity timeout (--ping-restart), restarting
Jul 12 00:18:04 openvpn[383]: UDPv4 link remote: 61.X.X.X:21194 (OFFICE1 SERVER)
Jul 12 00:18:04 openvpn[383]: UDPv4 link local (bound): [undef]:1194
Jul 12 00:18:04 openvpn[383]: Preserving previous TUN/TAP instance: tun0
Jul 12 00:18:04 openvpn[383]: LZO compression initialized
Jul 12 00:18:04 openvpn[383]: Re-using pre-shared static key
Jul 12 00:18:02 openvpn[383]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 12 00:18:02 openvpn[383]: Inactivity timeout (--ping-restart), restarting
I'm not sure if I'm missing something, or if there is a part of my setup that is wrong. All of the firewall rules have been set up and double-checked. Any attempts to ping across the VPN fail. I would be grateful for any help that could be provided to point me in the right direction. Thanks in advance for your time and please let me know if I neglected to post some pertinent info.
-
ExpJ,
I also have the exact same issue. Site-to-Site followed exactly what the book said. In the book for the client configuration, the "Interface IP" is not specified but it is required in pf1.2.3. How did you get past that?
Did you figure out how to get your site-to-site to work? Any help will be greatly appreciated.
Thank you!
-
Site-to-Site followed exactly what the book said. In the book for the client configuration, the "Interface IP" is not specified but it is required in pf1.2.3. How did you get past that?
There was an issue in the book; you might need to read errata #2 here:
http://www.reedmedia.net/books/pfsense/errata.html