OpenVPN Site to Site problem



  • I installed an OpenVPN site-to-site VPN with two pfSense 1.0.1 boxes for testing. I am not sure what is wrong in the pfSense configuration. Here is my diagram:

                   10.189.137.1               10.189.137.15
    Laptop1--------Pfsense1------OpenVPN------Pfsense2--------Laptop2
    192.168.1.2    192.168.1.1                192.168.2.1     192.168.2.2

    • On laptop2 I can reach the external IP (10.189.137.1) but I could not get to the internal IP of pfsense1.
    • On laptop1 I could not get to even the external IP of pfsense2.
    • Rule allowed TCP/UDP * * *. The following is the firewall log:
        Mar 23 18:25:04 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:25:25 WAN 192.168.1.3 10.189.137.2 ICMP
        Mar 23 18:28:58 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:29:57 WAN 192.168.1.3 10.189.137.2 ICMP
        Mar 23 18:31:28 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:32:09 LAN 192.168.2.3:138 192.168.2.255:138 UDP
        Mar 23 18:32:29 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:33:11 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:39:57 LAN 192.168.2.3:138 192.168.2.255:138 UDP
        Mar 23 18:40:44 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:44:08 LAN 192.168.2.3:138 192.168.2.255:138 UDP
        Mar 23 18:45:35 LAN 192.168.2.3:2078 192.168.1.5:2967 TCP
        Mar 23 18:45:57 LAN 192.168.2.3:137 192.168.2.255:137 UDP
        Mar 23 18:46:41 LAN 192.168.2.3 10.189.137.1 ICMP
        Mar 23 18:46:47 LAN 192.168.2.3 192.168.1.2 ICMP
        Mar 23 18:46:50 LAN 192.168.2.3 192.168.1.1 ICMP
        Mar 23 18:51:21 LAN 192.168.2.3:137 192.168.2.255:137 UDP
        Mar 23 18:52:33 LAN 192.168.2.3:137 192.168.2.255:137 UDP
        Mar 23 18:52:55 LAN 192.168.2.3 192.168.1.1 ICMP

    Anyone help me!!!
    Thanks in advance.



  • Create the related rule to allow the access across the firewall?



  • Which one is running as server?
    Please post your server and client configurations.



  • Thanks for your response. Pfsense1 is the server site and pfsense2 is the client.
    This is the configuration for both sites.

    Client site                          Server site
    Protocol        TCP                  Protocol        TCP
    Server Add      10.189.137.1         Dynamic IP      enabled
    Server port     1194                 Address pool    192.168.10.0/24
    Interface IP    192.168.2.0/24       Remote IP       192.168.2.0/24
    Remote network  192.168.1.0/24
    Proxy port      3128

    I already created a rule that allows all traffic from WAN to LAN.
    Thanks

