Site 2 Site problem



  • Hi,
    Need help badly…

    Trying to get a connection between two sites

    Site1 10.12.10.0/24
    <->
    Pfsense01 WAN IP 192.168.1.64
    <->
    VDSL Dynamic IP
    <->
    Internet
    <->
    VDSL Dynamic IP
    <->
    Pfsense02 WAN IP 192.168.1.64
    <->
    Site2 10.12.20.0/24

    I have followed every guide that I could find but I can't get a connection.

    But the VPN is still down!

    We have upgraded the VDSL at site1. Before that we got a static IP and IPsec between the sites.

    Please help me!



  • What exactly do you have set up? What does the OpenVPN status show? What do the OpenVPN logs show?



  • I have followed this guide
    http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

    Now I see that the client status is reconnecting; ping-restart

    Log from server

    Apr 5 12:19:24 openvpn[29120]: UDPv4 link remote: [undef]
    Apr 5 12:19:24 openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
    Apr 5 12:19:24 openvpn[20057]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1592 10.0.8.1 10.0.8.2 init
    Apr 5 12:19:24 openvpn[20057]: /sbin/ifconfig ovpns1 10.0.8.1 netmask 10.0.8.2 mtu 1500 up
    Apr 5 12:19:24 openvpn[20057]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Apr 5 12:19:24 openvpn[20057]: TUN/TAP device /dev/tap1 opened
    Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0
    Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
    Apr 5 12:19:24 openvpn[20057]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
    Apr 5 12:19:24 openvpn[20057]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 5 12:19:24 openvpn[20057]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011

    Log from Client

    Apr 5 12:21:18 openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195
    Apr 5 12:21:18 openvpn[10359]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
    Apr 5 12:21:18 openvpn[10359]: Preserving previous TUN/TAP instance: ovpnc1
    Apr 5 12:21:18 openvpn[10359]: Re-using pre-shared static key
    Apr 5 12:21:18 openvpn[10359]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 5 12:21:16 openvpn[10359]: SIGUSR1[soft,ping-restart] received, process restarting
    Apr 5 12:21:16 openvpn[10359]: Inactivity timeout (--ping-restart), restarting



  • Given both your firewalls have a private WAN IP, I suspect on the server side the modem isn't passing the traffic through to the actual WAN IP. Can verify with packet capture and/or states.



  • Networking is not my main area…

    How could I check how the traffic is passing?



  • ambly-

    Have you set up your server-side DSL modem to port forward the VPN traffic?



  • I found a way to set one of the DSL modems in bridged mode and now it works!
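
Added example, not written by anyone in the thread: a small Python triage script that maps the OpenVPN messages seen in the logs above to what each one indicates. The rule names, advice strings and the `SAMPLE` text (log lines from the thread, shortened and re-joined with their timestamps) are assumptions made for illustration.

```python
import re

# Option names may appear as "--opt" or with a typographic dash after copy/paste.
DASH = r"(?:--|\u2013)"

# (tag, pattern, meaning) for messages that occur in the logs posted in the thread.
RULES = [
    ("no-remote", re.compile(r"link remote: \[undef\]"),
     "no remote configured; this end waits for the peer to send first"),
    ("route-unparsed", re.compile(r"failed to parse/resolve route for host/network: (\S+)"),
     "route to {0} was not installed"),
    ("route-no-gateway", re.compile(r"OpenVPN ROUTE: OpenVPN needs a gateway parameter"),
     "route option has no usable gateway"),
    ("tap-ifconfig", re.compile(r"using " + DASH + r"dev tap, the second argument to --ifconfig must be a netmask"),
     "tap device was given a peer address where a netmask is expected"),
    ("peer-silent", re.compile(r"Inactivity timeout \(" + DASH + r"ping-restart\)"),
     "nothing received from the peer; check that the UDP port is forwarded upstream"),
]

# Syslog-style line: "Apr 5 12:19:24 openvpn[20057]: message"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+openvpn\[\d+\]:\s(?P<msg>.*)$")

def triage(log_text):
    """Return (timestamp, tag, meaning) for every recognised OpenVPN message."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-OpenVPN lines
        for tag, pattern, meaning in RULES:
            hit = pattern.search(m["msg"])
            if hit:
                findings.append((m["ts"], tag, meaning.format(*hit.groups())))
    return findings

# Constructed sample: lines taken from the thread, shortened, one entry per line.
SAMPLE = """\
Apr 5 12:19:24 openvpn[29120]: UDPv4 link remote: [undef]
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option
Apr 5 12:19:24 openvpn[20057]: WARNING: Since you are using \u2013dev tap, the second argument to --ifconfig must be a netmask
Apr 5 12:21:16 openvpn[10359]: Inactivity timeout (--ping-restart), restarting
Apr 5 12:21:18 openvpn[10359]: Re-using pre-shared static key
"""

if __name__ == "__main__":
    for ts, tag, meaning in triage(SAMPLE):
        print(f"{ts}  {tag:<17} {meaning}")
```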

