4. Site-to-Site Routing

Site-to-Site Routing

  • M

    Hey Guys,

    I have spent a couple of days trying to setup the site to site stuff with OpenVPN and am getting nowhere. I have followed numerous tutorials and none of them seemed to have worked for me. I am trying to setup a VPN from my network (10.10.0.0/24) to a friends network(192.168.0.0/24) via pfSense and OpenVPN so that essentially it is one network. To keep it simple, I have used a pre-shared key approach on a peer-to-peer server. The VPN link is on 10.0.8.0/24.

    Here is the idea… (mynetwork 10.10.0.0/24)--(pfsense, OVPN server)--internet--(pfsense, OVPN client)--(his network, 192.168.0.0/24)

    So the problem is routing in my perspective, I think though... The OpenVPN status says it is connected, but he cant ping the gateway or any clients behind it. I can ping the gateway but no his IP or the clients on his network.

    This is the server setup:






    This is the client config:

    I am honestly out of ideas and routing is the only thing that comes to mind. Thanks for the help in advanced!

    0
  • M

    Which tutorial did you follow?  I followed this and got it working:

    http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29#OpenVPN_with_Site_to_Site_Routing

    Server-side:
    -Remove what you have in the "advanced configuration" section… it's redundant.
    -Firewall->Rules->LAN tab, you can remove those last 2 entries, and everything else for that matter, you already have an any/any rule.
    -Firewall->Rules->WAN tab, should have a rule like this: |UDP| * |* | WAN address | 1194 | * | none |

    Client-side:
    -In the Tunnel Settings section, change the Remote Network setting to 10.10.0.0/24. (looks like he entered his LAN instead of the remote network)
    -clear anything in the advanced section here too unless you guys have more than one subnet on both sides.

    0

  • Blank out your advanced configuration, save and restart the vpn server… see if that fixes it.

    Also- what do your server side wan rules look like?

    0
  • M

    Thanks guys, @marvosa, I have followed that guide exactly then started scrounging for others. I have incorporated the changes that both of you have noted, and still no dice. Here is the config as it stands now.

    Server:




    **Just noticed the typo. Tunnel network should be 10.0.8.0/24 instead of 10.10.0.0/24. That has been fixed, but still not working.





    Client:




    So still, neither side can ping each other or the gateway for that matter. I am thinking of trying a bridged config, although it would not be my first choice.
    Thanks again!

    0
  • P

    On the second line of the logs .. it seems it is showing an authentication/decryption error. Check your entire pre-shared keys. Your conf still shows routes to be pushed. I would also save everything again … then reboot both side.  I hope that you have the allow rule on both side.

    0

  • Also-

    In your open VPN rules put your addresses    192.168.0.0/24 ect…

    Your LAN rules have a lot of redundant rules.    The ANY ANY rule pretty much does it...

    What version of pfSense are you running?    I havent had a client side openvpn gateway since 2.0.1 came out...

    Shouldn't have one on the server side...

    Mine-

    ifconfig 10.0.8.1 10.0.8.2
    lport 1194

    Yours (client side)is different from mine…    I don't think yours took...

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy