Site-to-Site no ping 1.2rc3



  • Ok, here is my configuration:

    I've followed the documentation to the T, except for where it's wrong.

    It does say, the bold is incorrect, "Set Protocol to “TCP”, “Server address” must be set to the official IP of Office1 (if
    that’s not the WAN interface of pfsense, your router has to do portforwarding),
    “Server port” is 1193. “Interface IP” should be filled with your local subnet.
    The “Remote network” field is the LAN subnet of Office1."

    So I have set up two LANs, 192.168.252.1 and 192.168.250.1

    252 = server side, 250 = client LAN.

    I have on the client side: (which is the 192.168.250.1 LAN)

    Protocol  TCP
    Server address :70.xxx.xxx.xxx
    Server port :1193
    Interface IP  192.168.10.0/24
    Remote network  192.168.252.0/24

    and on the server side,

    Protocol  TCP
    Dynamic IP  is checked
    Local port  1193
    Address pool: 192.168.10.0/24
    Use static IPs  not checked
    Local network  blanked,
    Remote network  192.168.250.0/24

    Here are the logs I get.

    client side, last to first

    Nov 26 12:14:53 openvpn[39023]: Initialization Sequence Completed
    Nov 26 12:14:53 openvpn[39023]: Peer Connection Initiated with Server Public IP:1193
    Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link remote: Server Public IP:1193
    Nov 26 12:14:52 openvpn[39023]: TCPv4_CLIENT link local: [undef]
    Nov 26 12:14:52 openvpn[39023]: TCP connection established with Server Public IP:1193
    Nov 26 12:14:52 openvpn[39023]: Attempting to establish TCP connection with Server Public IP:1193

    server side, last to first.

    Nov 26 12:14:54 openvpn[43206]: Initialization Sequence Completed
    Nov 26 12:14:53 openvpn[43206]: Peer Connection Initiated with Client Public IP:30633
    Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link remote: Client Public IP:30633
    Nov 26 12:14:53 openvpn[43206]: TCPv4_SERVER link local (bound): [undef]:1193
    Nov 26 12:14:53 openvpn[43206]: TCP connection established with Client Public IP:30633
    Nov 26 12:14:51 openvpn[43206]: Listening for incoming TCP connection on [undef]:1193
    Nov 26 12:14:51 openvpn[43206]: Preserving previous TUN/TAP instance: tun1
    Nov 26 12:14:51 openvpn[43206]: TCP/UDP: Preserving recently used remote address: Client Public IP:12268
    Nov 26 12:14:51 openvpn[43206]: Re-using pre-shared static key
    Nov 26 12:14:50 openvpn[43206]: SIGUSR1[soft,connection-reset] received, process restarting
    Nov 26 12:14:50 openvpn[43206]: Connection reset, restarting [0]

    And no ping, no traceroute, no ability to remote desktop, can't Outlook, etc.

    Firewall rules are set up on both sides to allow 1193 in and I'm getting nowhere.

    Please help?



  • Anybody? Help? This should be pretty simple, site to site, right? It's not working and I'm going to have to use another solution if I can't get this to work… I'd really like to use pfSense... What's going wrong?



  • Could you post the actual OpenVPN config files?
    (They are stored in /var/etc/ )



  • @noitalever:

    I have on the client side: (which is the 192.168.250.1 LAN)

    Protocol  TCP
    Server address :70.xxx.xxx.xxx
    Server port :1193
    Interface IP  192.168.10.0/24
    Remote network  192.168.252.0/24

    and on the server side,

    Protocol  TCP
    Dynamic IP  is checked
    Local port  1193
    Address pool: 192.168.10.0/24
    Use static IPs  not checked
    Local network  blanked,
    Remote network  192.168.250.0/24

    I think that this could help: you should set a rule for a push route so the client side knows what is what on the server side? (Email servers, domain controllers?)

    push "dhcp-option DNS x.x.x.x";push "dhcp-option WINS x.x.x.x"

    That was the old-school way; now they have fill-in-the-boxes fields for your needed servers' IPs.

    Also, shouldn't you fill in the local network in the upper box?

