    OpenVPN Site to Site

      rem2500 last edited by

      Hey everyone,

      I followed the OpenVPN site to site guide to create a tunnel between my 2 pfSense boxes and I see that the client box says the connection is up. However, I cannot ping other hosts through the tunnel. Any ideas here?

      Thanks
      Ben

        Cry Havok last edited by

        The normal problem is that you haven't correctly configured the routes. Do all the computers on both sides use the pfSense hosts for their default gateway? If not, have you manually configured the appropriate routes?

          rem2500 last edited by

          Hi.  Thanks for your reply.

          Yes, I have the machines set to use the pfSense boxes as their gateways. I always have the firewall rules set as stated in the document but still no luck.

          Thanks
          Ben

            Cry Havok last edited by

            What version of pfSense do you have on both sides? What IP ranges are you using for each LAN and for the VPN?

              rem2500 last edited by

              2.0-RC2

              Server:  10.0.0.0/24
              Client:    10.0.1.0/24
              Tunnel:  10.0.12.0/24

              Thanks
              Ben

                Cry Havok last edited by

                You've created firewall rules to allow traffic on the VPN interfaces?

                Can the pfSense hosts ping the other pfSense host, over the VPN?

                  rem2500 last edited by

                  Hey, first thanks again for your help!

                  Yes, I have created WAN side rules for port 1194 for UDP (which is what I set the OpenVPNs to use) and also created a * rule on the OpenVPN tab as well on both the client and server.

                  No, I cannot ping one pfSense box from the other either.

                  Thanks
                  Ben

                    Cry Havok last edited by

                    Is the OpenVPN tunnel actually up? What do the logs show on each end?

                      Ghal last edited by

                      @rem2500:

                      2.0-RC2

                      Server:  10.0.0.0/24
                      Client:    10.0.1.0/24
                      Tunnel:   10.0.12.0/24

                      Thanks
                      Ben

                      If I remember it right, to make it work you have to make an iroute 10.0.1.0 255.255.255.0 on the server side. This command can't be set in the custom options, so you have to create a client-specific configuration for your client to put that command in.

                      Best of luck

                      Ghal

                        root2020 last edited by

                        Post screenshots of your VPN log and your OpenVPN config from both sides. Do not include your Public Internet IP, domain and Pre-Shared Key.

                          rem2500 last edited by

                          Hey guys,

                          Figured it out and as usual, it was just a stupid error on my part.  On the OpenVPN rules tab, I was only allowing all UDP traffic.  Once I allowed all traffic, then all was good.

                          Thanks for the help!
                          Ben
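
The failure mode resolved in this thread, modelled as an added example (not code from the thread or from pfSense): a UDP-only pass rule on the OpenVPN tab lets the tunnel come up yet drops ICMP and TCP crossing it, because unmatched traffic falls through to the default deny. The `Rule`/`Packet` model, the probe hosts inside the thread's LAN ranges and the `198.51.100.1` WAN address are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # a pass rule on one firewall tab
    iface: str                   # "WAN" or "OpenVPN"
    proto: str                   # "udp", "tcp", "icmp" or "any"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any port

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    dst: str
    dport: Optional[int] = None

def allowed(rules, pkt):
    """True if some pass rule matches; otherwise the default deny applies."""
    for r in rules:
        if r.iface != pkt.iface:
            continue
        if r.proto not in ("any", pkt.proto):
            continue
        if ip_address(pkt.dst) not in ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return True
    return False

WAN_RULE = Rule("WAN", "udp", dport=1194)     # lets the tunnel itself connect
BROKEN = [WAN_RULE, Rule("OpenVPN", "udp")]   # UDP-only rule on the OpenVPN tab
FIXED = [WAN_RULE, Rule("OpenVPN", "any")]    # protocol changed to any

# Constructed probes; 10.0.0.x hosts sit in the server LAN from the thread.
PROBES = {
    "tunnel transport": Packet("WAN", "udp", "198.51.100.1", 1194),
    "ping across tunnel": Packet("OpenVPN", "icmp", "10.0.0.10"),
    "ssh across tunnel": Packet("OpenVPN", "tcp", "10.0.0.10", 22),
    "dns across tunnel": Packet("OpenVPN", "udp", "10.0.0.53", 53),
}

def audit(rules):
    """Map each probe name to whether the rule set passes it."""
    return {name: allowed(rules, p) for name, p in PROBES.items()}

if __name__ == "__main__":
    for label, rules in (("UDP-only", BROKEN), ("any", FIXED)):
        print(label, audit(rules))
```

With the UDP-only rule the tunnel status still reads "up" because only the WAN rule governs the transport; the ping test fails on the OpenVPN tab rule alone.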
