Site-to-Site Routing



  • Hey Guys,

    I have spent a couple of days trying to set up the site-to-site stuff with OpenVPN and am getting nowhere. I have followed numerous tutorials and none of them seem to have worked for me. I am trying to set up a VPN from my network (10.10.0.0/24) to a friend's network (192.168.0.0/24) via pfSense and OpenVPN so that essentially it is one network. To keep it simple, I have used a pre-shared key approach on a peer-to-peer server. The VPN link is on 10.0.8.0/24.

    Here is the idea… (mynetwork 10.10.0.0/24)--(pfsense, OVPN server)--internet--(pfsense, OVPN client)--(his network, 192.168.0.0/24)

    So the problem is routing from my perspective, I think though... The OpenVPN status says it is connected, but he can't ping the gateway or any clients behind it. I can ping the gateway but not his IP or the clients on his network.

    This is the server setup:






    This is the client config:

    I am honestly out of ideas and routing is the only thing that comes to mind. Thanks for the help in advance!



  • Which tutorial did you follow?  I followed this and got it working:

    http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29#OpenVPN_with_Site_to_Site_Routing

    Server-side:
    -Remove what you have in the "advanced configuration" section… it's redundant.
    -Firewall->Rules->LAN tab, you can remove those last 2 entries, and everything else for that matter, you already have an any/any rule.
    -Firewall->Rules->WAN tab, should have a rule like this: |UDP| * |* | WAN address | 1194 | * | none |

    Client-side:
    -In the Tunnel Settings section, change the Remote Network setting to 10.10.0.0/24. (looks like he entered his LAN instead of the remote network)
    -clear anything in the advanced section here too unless you guys have more than one subnet on both sides.



  • Blank out your advanced configuration, save and restart the vpn server… see if that fixes it.

    Also- what do your server side wan rules look like?



  • Thanks guys, @marvosa, I have followed that guide exactly then started scrounging for others. I have incorporated the changes that both of you have noted, and still no dice. Here is the config as it stands now.

    Server:




    **Just noticed the typo. Tunnel network should be 10.0.8.0/24 instead of 10.10.0.0/24. That has been fixed, but still not working.





    Client:




    So still, neither side can ping each other or the gateway for that matter. I am thinking of trying a bridged config, although it would not be my first choice.
    Thanks again!



  • On the second line of the logs... it seems it is showing an authentication/decryption error. Check your entire pre-shared keys. Your conf still shows routes to be pushed. I would also save everything again... then reboot both sides.  I hope that you have the allow rule on both sides.



  • Also-

    In your OpenVPN rules put your addresses    192.168.0.0/24 etc…

    Your LAN rules have a lot of redundant rules.    The ANY ANY rule pretty much does it...

    What version of pfSense are you running?    I haven't had a client side openvpn gateway since 2.0.1 came out...

    Shouldn't have one on the server side...

    Mine-

    ifconfig 10.0.8.1 10.0.8.2
    lport 1194

    Yours (client side)is different from mine…    I don't think yours took...
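
Added example, not part of any post in this thread: a small Python check for the two addressing mistakes that come up above (the client's Remote Network set to its own LAN, and the tunnel network typed as a LAN subnet). The function name and the dict layout are hypothetical; the subnets are the ones quoted in the thread.

```python
import ipaddress

def check_site_to_site(server, client, tunnel):
    """Return a list of addressing problems in a shared-key site-to-site plan.

    server / client: dicts with 'lan' (that side's LAN) and 'remote'
    (what was typed into that side's "Remote Network" field).
    tunnel: the tunnel network shared by both ends.
    """
    problems = []
    tun = ipaddress.ip_network(tunnel)
    nets = {
        name: (ipaddress.ip_network(side["lan"]),
               ipaddress.ip_network(side["remote"]))
        for name, side in (("server", server), ("client", client))
    }
    for name, peer in (("server", "client"), ("client", "server")):
        lan, remote = nets[name]
        peer_lan = nets[peer][0]
        # The tunnel network must be distinct from both LANs, otherwise the
        # firewall sees the same prefix on two interfaces and routing breaks.
        if tun.overlaps(lan):
            problems.append(f"tunnel {tun} overlaps {name} LAN {lan}")
        # Remote Network must describe the far side, never the local LAN.
        if remote == lan:
            problems.append(f"{name} Remote Network {remote} is its own LAN")
        elif remote != peer_lan:
            problems.append(
                f"{name} Remote Network {remote} is not the {peer} LAN {peer_lan}")
    if nets["server"][0].overlaps(nets["client"][0]):
        problems.append("server and client LANs overlap")
    return problems

# Plan with both mistakes mentioned in the thread (arrangement constructed).
BROKEN = check_site_to_site(
    server={"lan": "10.10.0.0/24", "remote": "192.168.0.0/24"},
    client={"lan": "192.168.0.0/24", "remote": "192.168.0.0/24"},
    tunnel="10.10.0.0/24",
)
# Same plan with the tunnel on 10.0.8.0/24 and the client pointing at 10.10.0.0/24.
FIXED = check_site_to_site(
    server={"lan": "10.10.0.0/24", "remote": "192.168.0.0/24"},
    client={"lan": "192.168.0.0/24", "remote": "10.10.0.0/24"},
    tunnel="10.0.8.0/24",
)

if __name__ == "__main__":
    for line in BROKEN:
        print("PROBLEM:", line)
    print("fixed plan problems:", FIXED)
```

A clean result only rules out addressing mistakes; a key mismatch or a missing firewall rule still has to be checked on the boxes themselves.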

