Site-to-Site Routing
-
Hey Guys,
I have spent a couple of days trying to set up the site-to-site stuff with OpenVPN and am getting nowhere. I have followed numerous tutorials and none of them seem to have worked for me. I am trying to set up a VPN from my network (10.10.0.0/24) to a friend's network (192.168.0.0/24) via pfSense and OpenVPN so that essentially it is one network. To keep it simple, I have used a pre-shared key approach on a peer-to-peer server. The VPN link is on 10.0.8.0/24.
Here is the idea… (mynetwork 10.10.0.0/24)--(pfsense, OVPN server)--internet--(pfsense, OVPN client)--(his network, 192.168.0.0/24)
So the problem is routing in my perspective, I think though... The OpenVPN status says it is connected, but he can't ping the gateway or any clients behind it. I can ping the gateway but not his IP or the clients on his network.
This is the server setup:
This is the client config:
I am honestly out of ideas and routing is the only thing that comes to mind. Thanks for the help in advance!
-
Which tutorial did you follow? I followed this and got it working:
Server-side:
-Remove what you have in the "advanced configuration" section… it's redundant.
-Firewall->Rules->LAN tab, you can remove those last 2 entries, and everything else for that matter, you already have an any/any rule.
-Firewall->Rules->WAN tab, should have a rule like this: | UDP | * | * | WAN address | 1194 | * | none |
Client-side:
-In the Tunnel Settings section, change the Remote Network setting to 10.10.0.0/24. (looks like he entered his LAN instead of the remote network)
-Clear anything in the advanced section here too unless you guys have more than one subnet on both sides.
-
Blank out your advanced configuration, save and restart the vpn server… see if that fixes it.
Also- what do your server side wan rules look like?
-
Thanks guys, @marvosa, I have followed that guide exactly then started scrounging for others. I have incorporated the changes that both of you have noted, and still no dice. Here is the config as it stands now.
Server:
**Just noticed the typo. Tunnel network should be 10.0.8.0/24 instead of 10.10.0.0/24. That has been fixed, but still not working.
Client:
So still, neither side can ping each other or the gateway for that matter. I am thinking of trying a bridged config, although it would not be my first choice.
Thanks again!
-
On the second line of the logs... it seems it is showing an authentication/decryption error. Check your entire pre-shared keys. Your conf still shows routes to be pushed. I would also save everything again… then reboot both sides. I hope that you have the allow rule on both sides.
-
Also-
In your OpenVPN rules put your addresses 192.168.0.0/24 etc…
Your LAN rules have a lot of redundant rules. The ANY ANY rule pretty much does it...
What version of pfSense are you running? I haven't had a client side openvpn gateway since 2.0.1 came out...
Shouldn't have one on the server side...
Mine-
ifconfig 10.0.8.1 10.0.8.2
lport 1194
Yours (client side) is different from mine… I don't think yours took...
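
The two addressing mistakes found in this thread (the tunnel network typed as the LAN subnet, and the client's Remote Network set to its own LAN) can be checked for before the tunnel is brought up. This is an added example, not part of any poster's message and not pfSense or OpenVPN code; the function name and dict keys are hypothetical, and the inputs are constructed from the subnets quoted in the thread.

```python
import ipaddress

def check_site_to_site(server, client):
    """Return a list of addressing problems in a two-site OpenVPN plan.

    Each side is a dict of CIDR strings: 'lan' (local LAN), 'tunnel'
    (tunnel network) and 'remote' (Remote Network field). Key names are
    hypothetical, chosen for this example.
    """
    sides = {
        name: {k: ipaddress.ip_network(v) for k, v in cfg.items()}
        for name, cfg in (("server", server), ("client", client))
    }
    s, c = sides["server"], sides["client"]
    problems = []

    if s["tunnel"] != c["tunnel"]:
        problems.append("tunnel network differs between the two ends")
    for name, side in sides.items():
        # A tunnel subnet that overlaps a LAN makes LAN traffic ambiguous.
        for owner, other in sides.items():
            if side["tunnel"].overlaps(other["lan"]):
                problems.append(f"{name} tunnel {side['tunnel']} overlaps {owner} LAN")
        if side["remote"].overlaps(side["lan"]):
            problems.append(f"{name} Remote Network overlaps its own LAN")
    # Each end must route the *other* end's LAN through the tunnel.
    if s["remote"] != c["lan"]:
        problems.append("server Remote Network is not the client LAN")
    if c["remote"] != s["lan"]:
        problems.append("client Remote Network is not the server LAN")
    if s["lan"].overlaps(c["lan"]):
        problems.append("the two LANs overlap")
    return problems

# Constructed inputs using the subnets quoted in the thread.
GOOD_SERVER = {"lan": "10.10.0.0/24", "tunnel": "10.0.8.0/24", "remote": "192.168.0.0/24"}
GOOD_CLIENT = {"lan": "192.168.0.0/24", "tunnel": "10.0.8.0/24", "remote": "10.10.0.0/24"}
TYPO_SERVER = dict(GOOD_SERVER, tunnel="10.10.0.0/24")     # tunnel typed as the LAN
WRONG_CLIENT = dict(GOOD_CLIENT, remote="192.168.0.0/24")  # own LAN as Remote Network

if __name__ == "__main__":
    for label, srv, cli in (("corrected", GOOD_SERVER, GOOD_CLIENT),
                            ("tunnel typo", TYPO_SERVER, GOOD_CLIENT),
                            ("wrong remote", GOOD_SERVER, WRONG_CLIENT)):
        print(label, check_site_to_site(srv, cli) or "ok")
```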