Site-to-Site no ping 1.2rc3

noitalever

Ok, here is my configuration:

I've followed the documentation to the t, except for where it's wrong.

It does say, the bold is incorrect, "Set Protocol to “TCP”, “Server address” must be set to the official IP of Office1 (if
that’s not the WAN interface of pfsense, your router has to do portforwarding),
“Server port” is 1193. “Interface IP” should be filled with your local subnet.
The “Remote network” field is the LAN subnet of Office1."

so I have setup two lans, 192.168.252.1 and 192.168.250.1

252 = server side, 250 = client lan.

I have on the client side: (which is the 192.168.250.1 Lan)

Protocol  TCP
Server address :70.xxx.xxx.xxx
Server port :1193
Interface IP  192.168.10.0/24
Remote network  192.168.252.0/24

and on the server side,

Protocol  TCP
Dynamic IP  is checked
Local port  1193
Address pool: 192.168.10.0/24
Use static IPs  not checked
Local network  blanked,
Remote network  192.168.250.0/24

Here are the logs I get.

client side, last to first

Nov 26 12:14:53 openvpn[39023]: Initialization Sequence Completed
Nov 26 12:14:53 openvpn[39023]: Peer Connection Initiated with Server Public IP:1193
Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link remote: Server Public IP:1193
Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link local: [undef]
Nov 26 12:14:52 openvpn[39023]: TCP connection established with Server Public IP:1193
Nov 26 12:14:52 openvpn[39023]: Attempting to establish TCP connection with Server Public IP:1193

server side, last to first.

Nov 26 12:14:54 openvpn[43206]: Initialization Sequence Completed
Nov 26 12:14:53 openvpn[43206]: Peer Connection Initiated with Client Public IP:30633
Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link remote: Client Public IP:30633
Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link local (bound): [undef]:1193
Nov 26 12:14:53 openvpn[43206]: TCP connection established with Client Public IP:30633
Nov 26 12:14:51 openvpn[43206]: Listening for incoming TCP connection on [undef]:1193
Nov 26 12:14:51 openvpn[43206]: Preserving previous TUN/TAP instance: tun1
Nov 26 12:14:51 openvpn[43206]: TCP/UDP: Preserving recently used remote address: Client Public IP:12268
Nov 26 12:14:51 openvpn[43206]: Re-using pre-shared static key
Nov 26 12:14:50 openvpn[43206]: SIGUSR1[soft,connection-reset] received, process restarting
Nov 26 12:14:50 openvpn[43206]: Connection reset, restarting [0]

and no ping, no traceroute, no ability to remote deskotop, can't outlook, etc.

firewall rules are setup on both sides to allow 1193 in and i'm getting nowhere.

please help?

noitalever

anybody? help? this should be pretty simple, site to site, right? it's not working and i'm going to have to use another solution if i can't get this to work… i'd really like to use pfsense... what's going wrong?

GruensFroeschli

could you post the actual openVPn config files?
(they are stored in /var/etc/ )

chazers18

@noitalever:

I have on the client side: (which is the 192.168.250.1 Lan)

Protocol  TCP
Server address :70.xxx.xxx.xxx
Server port :1193
Interface IP  192.168.10.0/24
Remote network  192.168.252.0/24

and on the server side,

Protocol  TCP
Dynamic IP  is checked
Local port  1193
Address pool: 192.168.10.0/24
Use static IPs  not checked
Local network  blanked,
Remote network  192.168.250.0/24

I think that this could help, you should set a rule a for a push route so the client side know what is what on the server side? (email servers Domain controllers?)

push "dhcp-option DNS x.x.x.x";push "dhcp-option WINS x.x.x.x"

that was the old school way now they have a fill in the boxes with your needed servers ip

also shouldn't you fill in the local network in the upperbox?