Netgate Discussion Forum

    Site-to-Site no ping 1.2rc3

    • noitalever

      Ok, here is my configuration:

      I've followed the documentation to the T, except for where it's wrong.

      It does say, the bold is incorrect, "Set Protocol to “TCP”, “Server address” must be set to the official IP of Office1 (if
      that’s not the WAN interface of pfsense, your router has to do portforwarding),
      “Server port” is 1193. “Interface IP” should be filled with your local subnet.
      The “Remote network” field is the LAN subnet of Office1."

      So I have set up two LANs, 192.168.252.1 and 192.168.250.1

      252 = server side, 250 = client lan.

      I have on the client side: (which is the 192.168.250.1 Lan)

      Protocol  TCP
      Server address :70.xxx.xxx.xxx
      Server port :1193
      Interface IP  192.168.10.0/24
      Remote network  192.168.252.0/24

      and on the server side,

      Protocol  TCP
      Dynamic IP  is checked
      Local port  1193
      Address pool: 192.168.10.0/24
      Use static IPs  not checked
      Local network  blanked,
      Remote network  192.168.250.0/24

      Here are the logs I get.

      client side, last to first

      Nov 26 12:14:53 openvpn[39023]: Initialization Sequence Completed
      Nov 26 12:14:53 openvpn[39023]: Peer Connection Initiated with Server Public IP:1193
      Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link remote: Server Public IP:1193
      Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link local: [undef]
      Nov 26 12:14:52 openvpn[39023]: TCP connection established with Server Public IP:1193
      Nov 26 12:14:52 openvpn[39023]: Attempting to establish TCP connection with Server Public IP:1193

      server side, last to first.

      Nov 26 12:14:54 openvpn[43206]: Initialization Sequence Completed
      Nov 26 12:14:53 openvpn[43206]: Peer Connection Initiated with Client Public IP:30633
      Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link remote: Client Public IP:30633
      Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link local (bound): [undef]:1193
      Nov 26 12:14:53 openvpn[43206]: TCP connection established with Client Public IP:30633
      Nov 26 12:14:51 openvpn[43206]: Listening for incoming TCP connection on [undef]:1193
      Nov 26 12:14:51 openvpn[43206]: Preserving previous TUN/TAP instance: tun1
      Nov 26 12:14:51 openvpn[43206]: TCP/UDP: Preserving recently used remote address: Client Public IP:12268
      Nov 26 12:14:51 openvpn[43206]: Re-using pre-shared static key
      Nov 26 12:14:50 openvpn[43206]: SIGUSR1[soft,connection-reset] received, process restarting
      Nov 26 12:14:50 openvpn[43206]: Connection reset, restarting [0]

      And no ping, no traceroute, no ability to remote desktop, can't Outlook, etc.

      Firewall rules are set up on both sides to allow 1193 in and I'm getting nowhere.

      Please help?

      • noitalever

        Anybody? Help? This should be pretty simple, site to site, right? It's not working and I'm going to have to use another solution if I can't get this to work… I'd really like to use pfSense... What's going wrong?

        • GruensFroeschli

          Could you post the actual OpenVPN config files?
          (They are stored in /var/etc/)

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          • chazers18

            @noitalever:

            I have on the client side: (which is the 192.168.250.1 Lan)

            Protocol  TCP
            Server address :70.xxx.xxx.xxx
            Server port :1193
            Interface IP  192.168.10.0/24
            Remote network  192.168.252.0/24

            and on the server side,

            Protocol  TCP
            Dynamic IP  is checked
            Local port  1193
            Address pool: 192.168.10.0/24
            Use static IPs  not checked
            Local network  blanked,
            Remote network  192.168.250.0/24

            I think that this could help: you should set a rule for a push route so the client side knows what is what on the server side? (email servers, domain controllers?)

            push "dhcp-option DNS x.x.x.x";push "dhcp-option WINS x.x.x.x"

            That was the old-school way; now they have fill-in boxes for your needed servers' IPs.

            Also, shouldn't you fill in the local network in the upper box?
