4. Site-to-site Tunnel with Fail-Over [SOLVED]

Site-to-site Tunnel with Fail-Over [SOLVED]

  • K

    Hello,

    I've setup 2 Pfsense with an Openvpn tunnel site-to-site. It is functional, traffic is OK.

    But, the tunnel don't connect through the right Internet link.

    On 1 Pfense (Openvpn server), I have a SDSL link with 6 IP addresses. On the other, I have 1 ADSL (WAN, 1 fixed IP address) and 1 SDSL (OPT1, 1 fixed IP address) link with fail-over (It doesn't work with load balancing or no FO/LB). The Openvpn tunnel must go through the SDSL link, but it doesn't (openvpn[445]: write UDPv4: Network is unreachable (code=51)), the OpenVPN link only works through the ADSL link.

    Any help/advice would be great, thanks

    0
  • Rebel Alliance Developer Netgate

    If you're on 1.2.3 you need to add "local x.x.x.x;" to the OpenVPN config where x.x.x.x is the router's IP on the SDSL side.

    You might also try switching to TCP instead of UDP if that alone doesn't fix it.

    It should work much better on 2.0 by just selecting the SDSL interface when making the OpenVPN instance.

    0
  • K

    I tried with TCP and local x.x.x.x on the 1st Pfsense box, but it doesn't work, the tunnel is still initiated through the ADSL link on the second Pfsense box.

    Same version on both sides, 1.2.3-RELEASE.

    0
  • Rebel Alliance Developer Netgate

    You might try adding a static route to the server's IP that goes out via the SDSL line at the multi-wan site.

    0
  • K

    There are all the necessary routes in both Pfsense boxes, configured par OpenVPN :

    Pfsense - Main site (SDSL, 109.x.x.x/29)

    
default 109.x.x.x UGS 0 9110429 1500 re0   
10.0.8.2 10.0.8.1 UH 1 0 1500 tun0   
109.x.x.x/29 link#1 UC 0 0 1500 re0   
109.x.x.x 00:ff:db:9e:ef:f0 UHLW 2 233480 1500 re0 1185 
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0   
192.168.1.0/24 link#4 UC 0 2 1500 re3   
192.168.2.0/24 10.0.8.2 UGS 0 2029238 1500 tun0

    Pfsense - Site 1 (SDSL, 109.x.x.x/30 + ADSL, 90.x.x.x)

    
default 90.x.x.x UGS 0 3740249 1500 re0   
10.0.8.1 10.0.8.2 UH 1 0 1500 tun0   
90.x.x.0/24 link#1 UC 0 0 1500 re0   
90.x.x.x 127.0.0.1 UGHS 0 1390 16384 lo0   
90.x.x.x 00:22:6b:a9:b1:f6 UHLW 2 0 1500 re0 721 
109.x.x.x/30 link#2 UC 0 0 1500 re1   
109.x.x.x 00:ff:6e:51:db:8d UHLW 2 48810 1500 re1 1198 
127.0.0.1 127.0.0.1 UH 1 0 16384 lo0   
192.168.1.0/24 10.0.8.1 UGS 0 1586099 1500 tun0   
192.168.2.0/24 link#4 UC 0 0 1500 re3 
    0
  • K

    Ok, that was the solution.

    I added the routes in static routes in both Pfsense and the OpenVPN tunnel now goes through the SDSL lines. (I think only a static route in the distant site is required).

    Thanks !!

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy