Netgate Discussion Forum
    OpenVpn Site-Site not working

      crazybernie

      Hi,

      I've just moved to pfSense. I've got two routers that are both perfectly fine performing NAT for 2 LANs.

      My second goal was to have a site-to-site VPN using OpenVPN. I've done this before with other software and it always worked perfectly; however, this time I can't seem to get it working:

      I always get the error that the remote options are not the expected ones.

      For info, the client logs use VERB 7 as an additional parameter to generate more logfiles.

      Server log:
      Apr 20 22:32:35 openvpn[23871]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
      Apr 20 22:32:35 openvpn[23871]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 20 22:32:35 openvpn[23871]: PID packet_id_init seq_backtrack=64 time_backtrack=15
      Apr 20 22:32:35 openvpn[23871]: ******* WARNING *******: null cipher specified, no encryption will be used
      Apr 20 22:32:35 openvpn[23871]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 20 22:32:35 openvpn[23871]: Static Encrypt: HMAC KEY: 4441f40d 77e49aae e9979622 29a33a97 d286effe
      Apr 20 22:32:35 openvpn[23871]: Static Encrypt: HMAC size=20 block_size=64
      Apr 20 22:32:35 openvpn[23871]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 20 22:32:35 openvpn[23871]: Static Decrypt: HMAC KEY: 4441f40d 77e49aae e9979622 29a33a97 d286effe
      Apr 20 22:32:35 openvpn[23871]: Static Decrypt: HMAC size=20 block_size=64
      Apr 20 22:32:35 openvpn[23871]: LZO compression initialized
      Apr 20 22:32:35 openvpn[23871]: MTU DYNAMIC mtu=1450, flags=2, 1529 -> 1450
      Apr 20 22:32:35 openvpn[23871]: Socket Buffers: R=[42080->65536] S=[57344->65536]
      Apr 20 22:32:35 openvpn[23871]: ROUTE default_gateway=SERVER_GATEWAY
      Apr 20 22:32:35 openvpn[23871]: TUN/TAP device /dev/tun1 opened
      Apr 20 22:32:35 openvpn[23871]: do_ifconfig, tt->ipv6=0
      Apr 20 22:32:35 openvpn[23871]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
      Apr 20 22:32:35 openvpn[23871]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1529 10.0.8.1 10.0.8.2 init
      Apr 20 22:32:35 openvpn[23871]: /sbin/route add -net 192.168.2.0 10.0.8.2 255.255.255.0
      Apr 20 22:32:35 openvpn[23871]: Data Channel MTU parms [ L:1529 D:1450 EF:29 EB:135 ET:0 EL:0 AF:14/29 ]
      Apr 20 22:32:36 openvpn[23871]: Local Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
      Apr 20 22:32:36 openvpn[23871]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
      Apr 20 22:32:36 openvpn[23871]: Local Options hash (VER=V4): '98e351ba'
      Apr 20 22:32:36 openvpn[23871]: Expected Remote Options hash (VER=V4): '38c9ff18'
      Apr 20 22:32:36 openvpn[28194]: UDPv4 link local (bound): [AF_INET]SERVER IP:1194
      Apr 20 22:32:36 openvpn[28194]: UDPv4 link remote: [undef]
      Apr 20 22:32:36 openvpn[28194]: SENT PING
      Apr 20 22:32:41 openvpn[28194]: TUN READ [52]
      Apr 20 22:32:41 openvpn[28194]: MSS: 1460 -> 1381
      Apr 20 22:32:44 openvpn[28194]: TUN READ [52]
      Apr 20 22:32:44 openvpn[28194]: MSS: 1460 -> 1381
      Apr 20 22:32:46 openvpn[28194]: SENT PING
      Apr 20 22:32:50 openvpn[28194]: TUN READ [48]
      Apr 20 22:32:50 openvpn[28194]: MSS: 1460 -> 1381

      Client log:
      Apr 20 20:37:04 openvpn[44803]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 20 20:37:04 openvpn[44803]: PID packet_id_init seq_backtrack=64 time_backtrack=15
      Apr 20 20:37:04 openvpn[44803]: Re-using pre-shared static key
      Apr 20 20:37:04 openvpn[44803]: LZO compression initialized
      Apr 20 20:37:04 openvpn[44803]: MTU DYNAMIC mtu=1450, flags=2, 1529 -> 1450
      Apr 20 20:37:04 openvpn[44803]: Socket Buffers: R=[42080->65536] S=[57344->65536]
      Apr 20 20:37:04 openvpn[44803]: RESOLVE_REMOTE flags=0x0501 phase=1 rrs=0 sig=-1 status=1
      Apr 20 20:37:04 openvpn[44803]: Preserving previous TUN/TAP instance: ovpnc1
      Apr 20 20:37:04 openvpn[44803]: Data Channel MTU parms [ L:1529 D:1450 EF:29 EB:135 ET:0 EL:0 AF:14/29 ]
      Apr 20 20:37:04 openvpn[44803]: Local Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
      Apr 20 20:37:04 openvpn[44803]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
      Apr 20 20:37:04 openvpn[44803]: Local Options hash (VER=V4): '98e351ba'
      Apr 20 20:37:04 openvpn[44803]: Expected Remote Options hash (VER=V4): '38c9ff18'
      Apr 20 20:37:04 openvpn[44803]: UDPv4 link local (bound): [AF_INET]217.19.22.209
      Apr 20 20:37:04 openvpn[44803]: UDPv4 link remote: [AF_INET]SERVER IP:1194
      Apr 20 20:37:04 openvpn[44803]: SENT PING
      Apr 20 20:37:04 openvpn[44803]: UDPv4 WRITE [45] to [AF_INET]SERVER IP:1194: DATA len=45
      Apr 20 20:37:10 openvpn[44803]: TUN READ [95]
      Apr 20 20:37:10 openvpn[44803]: UDPv4 WRITE [124] to [AF_INET]SERVER IP:1194: DATA len=124
      Apr 20 20:37:11 openvpn[44803]: TUN READ [95]
      Apr 20 20:37:11 openvpn[44803]: UDPv4 WRITE [124] to [AF_INET]SERVER IP:1194: DATA len=124
      Apr 20 20:37:12 openvpn[44803]: TUN READ [95]
      Apr 20 20:37:12 openvpn[44803]: UDPv4 WRITE [124] to [AF_INET]SERVER IP:1194: DATA len=124
      Apr 20 20:37:14 openvpn[44803]: TUN READ [95]
      Apr 20 20:37:14 openvpn[44803]: UDPv4 WRITE [124] to [AF_INET]SERVER IP:1194: DATA len=124
      Apr 20 20:37:14 openvpn[44803]: UDPv4 WRITE [46] to [AF_INET]SERVER IP:1194: DATA len=46
      Apr 20 20:37:18 openvpn[44803]: TUN READ [95]
      Apr 20 20:37:18 openvpn[44803]: UDPv4 WRITE [124] to [AF_INET]SERVER IP:1194: DATA len=

      I've tried with and without shared key, and on the client side as TUN or TAP but nothing works.

      Anybody any suggestions?

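Added example, not part of the original post: a short Python script that compares, field by field, each side's Expected Remote Options String with the other side's Local Options String, using the four option-string lines from the logs above, and reports whether the null cipher is in use. The function names are this example's own.

```python
import re

# Option-string lines copied from the server and client logs posted above.
SERVER_LOG = """\
Apr 20 22:32:36 openvpn[23871]: Local Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
Apr 20 22:32:36 openvpn[23871]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
"""
CLIENT_LOG = """\
Apr 20 20:37:04 openvpn[44803]: Local Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.2 10.0.8.1,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
Apr 20 20:37:04 openvpn[44803]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1529,tun-mtu 1500,proto UDPv4,ifconfig 10.0.8.1 10.0.8.2,comp-lzo,cipher [null-cipher],auth SHA1,keysize 0,secret'
"""

OPTS_RE = re.compile(r"(Local|Expected Remote) Options String: '([^']*)'")


def parse_options(opts):
    """Split 'V4,dev-type tun,...' into {'V4': '', 'dev-type': 'tun', ...}."""
    fields = {}
    for item in opts.split(","):
        key, _, value = item.strip().partition(" ")
        fields[key] = value
    return fields


def option_strings(log):
    """Return the parsed 'Local' and 'Expected Remote' option sets from one log."""
    return {kind: parse_options(opts) for kind, opts in OPTS_RE.findall(log)}


def mismatches(expecting_log, peer_log):
    """Return {field: (expected_by_first_side, used_by_peer)} for differing fields."""
    want = option_strings(expecting_log)["Expected Remote"]
    have = option_strings(peer_log)["Local"]
    return {k: (want.get(k), have.get(k))
            for k in sorted(set(want) | set(have)) if want.get(k) != have.get(k)}


def unencrypted(log):
    """True when the log's local options show the null cipher (no encryption)."""
    return option_strings(log)["Local"].get("cipher") == "[null-cipher]"


if __name__ == "__main__":
    for name, a, b in (("server", SERVER_LOG, CLIENT_LOG), ("client", CLIENT_LOG, SERVER_LOG)):
        for field, (want, have) in mismatches(a, b).items():
            print(f"{name} expects {field} '{want}', peer uses '{have}'")
    print("null cipher in use:", unencrypted(SERVER_LOG))
```

On the posted lines, the only field that differs in either direction is `ifconfig`, and both sides log the null cipher.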
        jimp Rebel Alliance Developer Netgate

        We'd need to see exactly how you have the client and server configured to offer much in the way of help. Screenshots of the config pages would be nice, as well as the contents of /var/etc/openvpn/*.conf for the server/client.

          crazybernie

          Problem solved in a way.

          When I moved to SSL/TLS VPN with a certificate on both ends the tunnel worked perfectly, without making any other changes.
