Netgate Discussion Forum

    Site-to-Site Routing

    OpenVPN
    6 Posts 4 Posters 2.4k Views
    maxpol

      Hey Guys,

      I have spent a couple of days trying to set up the site-to-site stuff with OpenVPN and am getting nowhere. I have followed numerous tutorials and none of them seem to have worked for me. I am trying to set up a VPN from my network (10.10.0.0/24) to a friend's network (192.168.0.0/24) via pfSense and OpenVPN so that essentially it is one network. To keep it simple, I have used a pre-shared key approach on a peer-to-peer server. The VPN link is on 10.0.8.0/24.

      Here is the idea… (mynetwork 10.10.0.0/24)--(pfsense, OVPN server)--internet--(pfsense, OVPN client)--(his network, 192.168.0.0/24)

      So the problem is routing from my perspective, I think... The OpenVPN status says it is connected, but he can't ping the gateway or any clients behind it. I can ping the gateway but not his IP or the clients on his network.

      This is the server setup:
      This is the client config:

      I am honestly out of ideas and routing is the only thing that comes to mind. Thanks for the help in advance!

      marvosa

        Which tutorial did you follow?  I followed this and got it working:

        http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29#OpenVPN_with_Site_to_Site_Routing

        Server-side:
        -Remove what you have in the "advanced configuration" section… it's redundant.
        -Firewall->Rules->LAN tab, you can remove those last 2 entries, and everything else for that matter, you already have an any/any rule.
        -Firewall->Rules->WAN tab, should have a rule like this: |UDP| * |* | WAN address | 1194 | * | none |

        Client-side:
        -In the Tunnel Settings section, change the Remote Network setting to 10.10.0.0/24. (looks like he entered his LAN instead of the remote network)
        -Clear anything in the advanced section here too, unless you guys have more than one subnet on both sides.

        chpalmer

          Blank out your advanced configuration, save and restart the vpn server… see if that fixes it.

          Also- what do your server side wan rules look like?

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          maxpol

            Thanks guys. @marvosa, I have followed that guide exactly, then started scrounging for others. I have incorporated the changes that both of you have noted, and still no dice. Here is the config as it stands now.

            Server:
            **Just noticed the typo. Tunnel network should be 10.0.8.0/24 instead of 10.10.0.0/24. That has been fixed, but still not working.
            Client:
            So still, neither side can ping each other or the gateway for that matter. I am thinking of trying a bridged config, although it would not be my first choice.
            Thanks again!

            podilarius

              On the second line of the logs, it seems it is showing an authentication/decryption error. Check your pre-shared keys in their entirety. Your conf still shows routes to be pushed. I would also save everything again, then reboot both sides. I hope that you have the allow rule on both sides.

              chpalmer
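The checks marvosa and podilarius describe (Remote Network must be the other site's LAN, the Tunnel Network typo maxpol found, and a pre-shared key that differs between the two boxes) can be run mechanically before touching the GUI again. The script below is an added example for this thread, not pfSense or OpenVPN code: it reads the three pfSense network fields and the static key text for each side, flags the mismatches, and compares key fingerprints rather than the raw keys. Every config value and key in it is constructed for illustration.

```python
"""Consistency check for a pfSense OpenVPN shared-key site-to-site pair.

Added example for this thread (not pfSense or OpenVPN code). It looks for
the problems raised above: a Remote Network that repeats the site's own
LAN, a Tunnel Network that collides with a LAN, settings that are not
mirrored between the two boxes, and a static key that differs between
server and client (the usual cause of authentication/decryption errors).
All config values and keys below are constructed for illustration.
"""
import hashlib
import ipaddress
import re

KEY_RE = re.compile(
    r"-----BEGIN OpenVPN Static key V1-----(.*?)-----END OpenVPN Static key V1-----",
    re.S,
)


def key_fingerprint(key_text: str) -> str:
    """Short SHA-256 fingerprint of the 256-byte static key, so both sides
    can be compared without pasting the secret into a forum post."""
    match = KEY_RE.search(key_text)
    if not match:
        raise ValueError("not an OpenVPN Static key V1 block")
    hexdata = "".join(match.group(1).split()).lower()
    if not re.fullmatch(r"[0-9a-f]{512}", hexdata):
        raise ValueError("static key must be 256 bytes (512 hex digits)")
    return hashlib.sha256(bytes.fromhex(hexdata)).hexdigest()[:16]


def lint_site_to_site(server: dict, client: dict) -> list:
    """Return a list of findings for a server/client pair; [] means the two
    sides are consistent. Each dict carries the pfSense GUI fields 'local',
    'remote', 'tunnel' (CIDR strings) and 'key' (static key file text)."""
    findings = []
    nets = {}
    for side, cfg in (("server", server), ("client", client)):
        for field in ("local", "remote", "tunnel"):
            try:
                nets[(side, field)] = ipaddress.ip_network(cfg[field], strict=False)
            except ValueError as exc:
                findings.append(f"{side}: {field} network {cfg[field]!r} is invalid ({exc})")
    if findings:
        return findings

    # Per-side checks: remote must be the OTHER site's LAN, and the tunnel
    # must not collide with either LAN (the 10.10.0.0/24 tunnel typo above).
    for side in ("server", "client"):
        local, remote, tunnel = (nets[(side, f)] for f in ("local", "remote", "tunnel"))
        if local == remote:
            findings.append(f"{side}: remote network equals local network {local}; enter the other site's LAN")
        elif local.overlaps(remote):
            findings.append(f"{side}: local {local} and remote {remote} overlap; routes are ambiguous")
        for name, lan in (("local", local), ("remote", remote)):
            if tunnel.overlaps(lan):
                findings.append(f"{side}: tunnel network {tunnel} overlaps {name} network {lan}")

    # Cross-side checks: the two configs must mirror each other.
    if nets[("server", "local")] != nets[("client", "remote")]:
        findings.append("client remote network does not match server local network")
    if nets[("server", "remote")] != nets[("client", "local")]:
        findings.append("server remote network does not match client local network")
    if nets[("server", "tunnel")] != nets[("client", "tunnel")]:
        findings.append("tunnel network differs between server and client")

    # Shared key: compare fingerprints, never the raw key material.
    try:
        fp_server, fp_client = key_fingerprint(server["key"]), key_fingerprint(client["key"])
    except ValueError as exc:
        findings.append(f"shared key: {exc}")
    else:
        if fp_server != fp_client:
            findings.append(f"shared key differs (server {fp_server}, client {fp_client}); expect auth/decrypt errors")
    return findings


def make_key_block(hexdata: str) -> str:
    """Wrap hex key material in the static-key file layout (16 lines x 32 hex chars)."""
    lines = [hexdata[i:i + 32] for i in range(0, len(hexdata), 32)]
    return ("-----BEGIN OpenVPN Static key V1-----\n" + "\n".join(lines)
            + "\n-----END OpenVPN Static key V1-----\n")


# Constructed sample keys: NOT real keys, just deterministic 256-byte fillers.
KEY_A = make_key_block("".join(f"{i:02x}" for i in range(256)))
KEY_B = make_key_block("ff" + "".join(f"{i:02x}" for i in range(256))[2:])

# Correct pair: networks mirrored on both sides, same key.
GOOD_SERVER = {"local": "10.10.0.0/24", "remote": "192.168.0.0/24", "tunnel": "10.0.8.0/24", "key": KEY_A}
GOOD_CLIENT = {"local": "192.168.0.0/24", "remote": "10.10.0.0/24", "tunnel": "10.0.8.0/24", "key": KEY_A}

# Broken pair reproducing the thread's mistakes: tunnel network = server LAN,
# client remote = its own LAN, and a key that differs by one byte.
BAD_SERVER = {"local": "10.10.0.0/24", "remote": "192.168.0.0/24", "tunnel": "10.10.0.0/24", "key": KEY_A}
BAD_CLIENT = {"local": "192.168.0.0/24", "remote": "192.168.0.0/24", "tunnel": "10.0.8.0/24", "key": KEY_B}

if __name__ == "__main__":
    for label, pair in (("good", (GOOD_SERVER, GOOD_CLIENT)), ("bad", (BAD_SERVER, BAD_CLIENT))):
        print(label, lint_site_to_site(*pair) or ["no findings"])
```

Paste each box's Local/Remote/Tunnel fields and the contents of its shared-key box into the dicts and run it; the fingerprint comparison is what podilarius's "check your pre-shared keys" amounts to, without having to eyeball 512 hex digits or post the key anywhere.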

                Also-

                In your OpenVPN rules put your addresses, 192.168.0.0/24 etc…

                Your LAN rules have a lot of redundant rules. The ANY ANY rule pretty much does it...

                What version of pfSense are you running? I haven't had a client-side OpenVPN gateway since 2.0.1 came out...

                Shouldn't have one on the server side...

                Mine-

                ifconfig 10.0.8.1 10.0.8.2
                lport 1194

                Yours (client side) is different from mine… I don't think yours took...

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.