Netgate Discussion Forum

    Problem with OpenVPN when it has site-to-site and road warrior simultaneously

      mosquitohippy

      Hi everybody

      I set up a site-to-site OpenVPN tunnel with two pfSense boxes, and it worked well. It has been working well for a couple of months, but last week, due to a requirement from our central office, I had to set up a road warrior as well. I'm using the same server I use for the site-to-site as the server for the road warrior; I didn't think I would need another one, and still don't. I created a new certificate using the same CA I use for the site-to-site, and a new user. Using this certificate, the road warrior client is able to connect from the remote location.

      Everything was nice, but I started to notice, since I created the new VPN server for the road warriors, that my site-to-site starts to drop the connection to the other side of the tunnel.

      This is the message that shows in the logs:
      TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

      Obviously there is no connectivity problem, since the site-to-site has been working for a while.

      Also, I have to say the client pfSense box is behind another pfSense box, which is a load balancer/failover.

      I don't know if the fact that I'm using the same CA may be an issue.

      I don't know what could be happening, any ideas?

      Thanks in advance

        heper

        How many concurrent connections did you set?
        Is the tunnel subnet big enough to accommodate all clients?

        I've never attempted to use the same ovpn server to do site2site as well as RW... perhaps it works, perhaps it doesn't

          mosquitohippy

          The RW was set for just two concurrent connections.

            mosquitohippy

            But I have the feeling it's something else: the box on the remote side of the tunnel has turned extremely slow and the GUI response is sluggish. I find it difficult to imagine that it's something hardware related, but it appears so. The tunnel was working well until Friday.

              mosquitohippy

              Besides, I turned off the road warrior and even so the site-to-site doesn't come up.

                mosquitohippy

                My bad, my bad, my bad, I'm sorry, I'm sorry. Problem solved: human error. What happened was that the IT person at the location added another PC with the same static IP address as the pfSense box. Whenever this guy turned on that PC, my pfSense lost connectivity. Sorry if I made anybody waste his time.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.