Netgate Discussion Forum

    Hi Guys Please help for the site to site VPN setting problem~~!!

      timllz83

      Hi guys,

      I got some problems setting up the site-to-site VPN. The network mapping is in the attached file.

      Questions:

      1. In my network, it looks like I have 2 NATs that need to be set up. I am new to pfSense. In general, how should I set it up? Some people mention that I should set the router to bridging mode. Any suggestions? And how can I do it?

      2. I would like to set up a site-to-site VPN tunnel between Site 1 and Site 2. I tried OpenVPN and it didn't work. Is there any special port that needs to be open on R1 -> server site on the public IP port side (1194)? How do I do it? I had already set the NAT from R1 to PF1 and set the rule in pfSense as well. I tried to scan my Site 1 public IP; port 1194 is not open…

      3. Site-to-site VPN problem as well: I tried IPsec. Is there any special port that needs to be open? I checked the log at Site 1:

      racoon: ERROR: failed to get sainfo.

      Did anything go wrong?

      Regards,

      question.jpg

        craigduff

        Your routers need to be in bridge mode, yes, as you said. But it's easier if you put the pfSense box in the router's DMZ; then it will forward all the required ports while you'll still be protected by pfSense.

        Personally, if it was me, if you have an ISP that could offer you 2 public IPs, that's always the best option. Then you won't have this issue.

        Recommended router which can do pass-through traffic for what you're after: I would recommend Zyxel. P-660h1?

        Kind Regards,
        Craig

          Clouseau

          @craigduff:

          Your routers need to be in bridge mode, yes, as you said. But it's easier if you put the pfSense box in the router's DMZ; then it will forward all the required ports while you'll still be protected by pfSense.

          Personally, if it was me, if you have an ISP that could offer you 2 public IPs, that's always the best option. Then you won't have this issue.

          Recommended router which can do pass-through traffic for what you're after: I would recommend Zyxel. P-660h1?

          Yes - pfSense and VPN in general work just great when you have a public IP on the pfSense WAN side (tunnel endpoint). I had one case where one side had a public IP and the other end, like yours, had a private IP - it worked for a while, but after some time it just went dead. Just changing the private IP to a public one worked like a charm  8)

          racoon: ERROR: failed to get sainfo.

          Check your mask values - this is a typical error message in that case.

          ----------------------------------------------------------------
          Multiple Alix 2D13, APU1, APU2, APU3 - pfSense 2.4.x 64bit
          Multiple VMware vSphere - pfSense 2.4.x 64bit

          pfSense - FreeNAS - OwnCloud
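
Added example (not part of the original posts, and not pfSense or racoon code): a small Python check for the mask problem mentioned above. It assumes the usual site-to-site layout in which each side's phase 2 local network must equal the other side's remote network, prefix length included. The function name and the sample subnets are constructed for illustration.

```python
import ipaddress

def check_phase2(site_a, site_b):
    """Compare the phase 2 networks configured on two tunnel ends.

    Each argument is a dict with 'local' and 'remote' CIDR strings.
    Returns a list of problems; an empty list means the two ends mirror.
    """
    problems = []
    pairs = [("A local vs B remote", site_a["local"], site_b["remote"]),
             ("A remote vs B local", site_a["remote"], site_b["local"])]
    for label, left, right in pairs:
        try:
            # strict=True rejects host bits under the mask (192.168.1.1/24),
            # so a typo in the address is reported instead of normalized.
            l = ipaddress.ip_network(left, strict=True)
            r = ipaddress.ip_network(right, strict=True)
        except ValueError as exc:
            problems.append(f"{label}: invalid network ({exc})")
            continue
        if l == r:
            continue
        if l.network_address == r.network_address:
            problems.append(
                f"{label}: mask mismatch /{l.prefixlen} vs /{r.prefixlen}")
        elif l.version == r.version and (l.subnet_of(r) or r.subnet_of(l)):
            problems.append(f"{label}: {l} and {r} overlap but are not equal")
        else:
            problems.append(f"{label}: different networks {l} vs {r}")
    return problems

# Constructed sample values, not taken from the thread.
SITE1 = {"local": "192.168.1.0/24", "remote": "192.168.2.0/24"}
SITE2_OK = {"local": "192.168.2.0/24", "remote": "192.168.1.0/24"}
SITE2_BAD = {"local": "192.168.2.0/25", "remote": "192.168.1.0/24"}

if __name__ == "__main__":
    for name, peer in (("SITE2_OK", SITE2_OK), ("SITE2_BAD", SITE2_BAD)):
        result = check_phase2(SITE1, peer)
        print(name, "->", result or "phase 2 networks mirror each other")
```
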

            timllz83

            Thanks guys.
            Problem solved.
            I just found I made a mistake by doing a TCP port forward in the Cisco router while following the guide to use UDP in the OpenVPN setting.

            Anyway, thank you!!
