Site-to-site Tunnel with Fail-Over [SOLVED]

OpenVPN
Log in to reply
  • K

    Hello,

    I've setup 2 Pfsense with an Openvpn tunnel site-to-site. It is functional, traffic is OK.

    But, the tunnel don't connect through the right Internet link.

    On 1 Pfense (Openvpn server), I have a SDSL link with 6 IP addresses. On the other, I have 1 ADSL (WAN, 1 fixed IP address) and 1 SDSL (OPT1, 1 fixed IP address) link with fail-over (It doesn't work with load balancing or no FO/LB). The Openvpn tunnel must go through the SDSL link, but it doesn't (openvpn[445]: write UDPv4: Network is unreachable (code=51)), the OpenVPN link only works through the ADSL link.

    Any help/advice would be great, thanks

    0
  • jimp
    Rebel Alliance Developer Netgate

    If you're on 1.2.3 you need to add "local x.x.x.x;" to the OpenVPN config where x.x.x.x is the router's IP on the SDSL side.

    You might also try switching to TCP instead of UDP if that alone doesn't fix it.

    It should work much better on 2.0 by just selecting the SDSL interface when making the OpenVPN instance.

    0
  • K

    I tried with TCP and local x.x.x.x on the 1st Pfsense box, but it doesn't work, the tunnel is still initiated through the ADSL link on the second Pfsense box.

    Same version on both sides, 1.2.3-RELEASE.

    0
  • jimp
    Rebel Alliance Developer Netgate

    You might try adding a static route to the server's IP that goes out via the SDSL line at the multi-wan site.

    0
  • K

    There are all the necessary routes in both Pfsense boxes, configured par OpenVPN :

    Pfsense - Main site (SDSL, 109.x.x.x/29)

    
default 109.x.x.x UGS 0 9110429 1500 re0   
10.0.8.2 10.0.8.1 UH 1 0 1500 tun0   
109.x.x.x/29 link#1 UC 0 0 1500 re0   
109.x.x.x 00:ff:db:9e:ef:f0 UHLW 2 233480 1500 re0 1185 
127.0.0.1 127.0.0.1 UH 0 0 16384 lo0   
192.168.1.0/24 link#4 UC 0 2 1500 re3   
192.168.2.0/24 10.0.8.2 UGS 0 2029238 1500 tun0

    Pfsense - Site 1 (SDSL, 109.x.x.x/30 + ADSL, 90.x.x.x)

    
default 90.x.x.x UGS 0 3740249 1500 re0   
10.0.8.1 10.0.8.2 UH 1 0 1500 tun0   
90.x.x.0/24 link#1 UC 0 0 1500 re0   
90.x.x.x 127.0.0.1 UGHS 0 1390 16384 lo0   
90.x.x.x 00:22:6b:a9:b1:f6 UHLW 2 0 1500 re0 721 
109.x.x.x/30 link#2 UC 0 0 1500 re1   
109.x.x.x 00:ff:6e:51:db:8d UHLW 2 48810 1500 re1 1198 
127.0.0.1 127.0.0.1 UH 1 0 16384 lo0   
192.168.1.0/24 10.0.8.1 UGS 0 1586099 1500 tun0   
192.168.2.0/24 link#4 UC 0 0 1500 re3 
    0
  • K

    Ok, that was the solution.

    I added the routes in static routes in both Pfsense and the OpenVPN tunnel now goes through the SDSL lines. (I think only a static route in the distant site is required).

    Thanks !!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy