Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Open VPN Tunnel Up - Cannot Pass Traffic

    Scheduled Pinned Locked Moved
    OpenVPN
    3
    6
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SMuD
      last edited by

      OK, I have tried to set up an Open VPN Site-to-Site Shared Key tunnel using the instructions here:

      http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

      The tunnel shows up on the server and the client.  The server settings and client settings are set to use port 1195 (1194 is in use by a bridged tunnel to another site).  The firewall rules for OVPN allow all traffic.

      Despite this, I cannot ping the other end of the tunnel, let alone a device on the subnets specified in the configuration.  No routes to those subnets show up on the server or the client.

      What am I doing wrong?

      Thank you!
      ![Server _Status.png](/public/imported_attachments/1/Server _Status.png)
      ![Server _Status.png_thumb](/public/imported_attachments/1/Server _Status.png_thumb)
      ![Client _Status.png](/public/imported_attachments/1/Client _Status.png)
      ![Client _Status.png_thumb](/public/imported_attachments/1/Client _Status.png_thumb)
      Server_Settings.png
      Server_Settings.png_thumb
      Client_Settings.png
      Client_Settings.png_thumb
      Server_OVPN_Rules.png
      Server_OVPN_Rules.png_thumb
      Client_OVPN_Rules.png
      Client_OVPN_Rules.png_thumb

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Your configs look OK.
        Are there some settings in the other server on 1194 that might conflict (e.g. same tunnel network used or?)
        What exactly does end up in the routing table at each end?
        What pfSense version at each end?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          SMuD
          last edited by

          All the systems are 2.01 or better.  I have another system that I have tried adding as a server on the other end that currently has no other tunnels running.  I noticed this in the log on the client (release 2.03):

          openvpn[41521]: ERROR: FreeBSD route add command failed: external program exited with error status: 1

          The rest of the client log:

          Aug 26 13:21:55 openvpn[25624]: event_wait : Interrupted system call (code=4)
          Aug 26 13:21:55 openvpn[25624]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1560 192.168.200.2 192.168.200.1 init
          Aug 26 13:21:55 openvpn[25624]: SIGTERM[hard,] received, process exiting
          Aug 26 13:21:55 openvpn[41521]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013
          Aug 26 13:21:55 openvpn[41521]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
          Aug 26 13:21:55 openvpn[41521]: TUN/TAP device /dev/tun1 opened
          Aug 26 13:21:55 openvpn[41521]: /sbin/ifconfig ovpnc1 192.168.200.2 192.168.200.1 mtu 1500 netmask 255.255.255.255 up
          Aug 26 13:21:55 openvpn[41521]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 192.168.200.2 192.168.200.1 init
          Aug 26 13:21:56 openvpn[41521]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
          Aug 26 13:21:56 openvpn[43123]: UDPv4 link local (bound): yyy.yyy.yyy.yyy
          Aug 26 13:21:56 openvpn[43123]: UDPv4 link remote: xxx.xxx.xxx.xxx:1194
          Aug 26 13:22:00 openvpn[43123]: Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
          Aug 26 13:22:00 openvpn[43123]: Initialization Sequence Completed

          On the server logs (release 2.03):

          Aug 26 12:13:44 openvpn[57264]: OpenVPN 2.2.2 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] built on Apr 2 2013
          Aug 26 12:13:44 openvpn[57264]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
          Aug 26 12:13:44 openvpn[57264]: TUN/TAP device /dev/tun1 opened
          Aug 26 12:13:44 openvpn[57264]: /sbin/ifconfig ovpns1 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
          Aug 26 12:13:44 openvpn[57264]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 192.168.200.1 192.168.200.2 init
          Aug 26 12:13:44 openvpn[58724]: UDPv4 link local (bound): xxx.xxx.xxx.xxx:1194
          Aug 26 12:13:44 openvpn[58724]: UDPv4 link remote: [undef]
          Aug 26 12:21:56 openvpn[58724]: Peer Connection Initiated with yyy.yyy.yyy.yyy:22124
          Aug 26 12:21:56 openvpn[58724]: Initialization Sequence Completed

          1 Reply Last reply Reply Quote 0
          • S
            SMuD
            last edited by

            Also, I never see the local networks entered in the Open VPN settings in the routing table.

            1 Reply Last reply Reply Quote 0
            • S
              SMuD
              last edited by

              I have no ideas at this point.  I have tried a few different pfSense systems and on each one, even though it shows the tunnel up, there is no route to the client or server networks in the routing table.

              Can anyone else think of something I am doing wrong? :o

              1 Reply Last reply Reply Quote 0
              • M
                marvosa
                last edited by

                Post your server1.conf and client1.conf.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post