    [Solved] OpenVPN Connected but not complete.

    7 Posts 2 Posters 1.3k Views
rickym

I've tried multiple versions of pfSense and can't seem to get my two sites to talk properly.
(I had it working for about 1 year on version 2.02, but unfortunately the server crashed and I had to recreate it.)
I've followed all the examples of how to do this and I'm sure I've got it right… After all, I've done it before and I seem to remember it was relatively easy.

      I can login to the pfsense boxes from either end, so the tunnel is up and traffic can route through it.
      Unfortunately it's the only traffic I can see.
One strange thing I can see is DNS requests from the client to the server, on the server's OpenVPN port.
I can't see them anywhere else, including on the actual DNS server they are supposedly destined for.

      NOTE: Adding an entry in the hosts file so DNS isn't needed doesn't seem to make it through the tunnel at all.

      Can someone please help? I feel sure it's something really basic...

      Ricky

phil.davis

        Post details of what you have so far:

        1. LAN subnets at Office1 and Office2
        2. Tunnel network
        3. What is in Local and Remote network/s fields on OpenVPN server and client
        4. Rules on each LAN and on OpenVPN tab
        5. What OpenVPN method - certificates or PSK?

        It works really easily for me on 2.1 - as long as I get the subnets right in Local and Remote network/s and have rules everywhere to allow the traffic, away it goes.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

rickym

Thanks for replying.

          Here's the information requested:

Server Configs (192.168.168.0/24 network)
Uses certificates over a tun device mode on the standard port 1194.

          OpenVPN Rules

          OPT2 Rules (Renamed to BT80)

          Client Configs (192.168.2.0/24 network)

          OpenVPN Rules

          WAN Rules

          NOTE: Server is on Version 2.03 Release and Client is on 2.02 Release

          I've tried both Certificate and PSK, and had exactly the same problems.
          (Both seem to be connected properly, when I've tried them)

          Ricky

phil.davis

            Those settings look good.
You haven't shown the rules on the LAN at each end - maybe the packets between 192.168.168.0/24 <-> 192.168.2.0/24 are being blocked at the LAN?
And is the 192.168.1.0/24 tunnel subnet also used on some other interface in either system?
That is the common or garden default LAN subnet in pfSense, and so it would be very easy to still have it in use somewhere else. Maybe just change the Tunnel Network to something else to make sure.

rickym

              Changed Tunnel Network, still same result.

              Server LAN Settings

              Fairly sure the last rule isn't needed…

              Client LAN Settings

              Thanks,
              Ricky

phil.davis

                The "InternetFailover" rule will be a problem. That is telling pfSense to send traffic for ALL destinations to the InternetFailover group and force it out your WANs. Actually you want traffic to the opposite site LAN to go through the OpenVPN tunnel.
                Add another rule at the top of LAN rules,
                pass source LANnet, destination other-office-net, do not specify any gateway
                Then that traffic will be passed to the ordinary routing table, which will know to send it across the OpenVPN link.


rickym
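What Phil's advice looks like at the pf layer, as an added illustration that is not from the thread, from Netgate or from pfSense's documentation. pfSense compiles the Firewall > Rules > LAN tab into a pf ruleset (visible with `pfctl -sr`), and a rule with a gateway set becomes a `route-to` rule, which bypasses the routing table. The interface names (em0 for LAN, em1/em2 for the WANs), the gateway addresses, the labels and the exact spelling pfSense emits are assumptions; only the ordering and the presence or absence of `route-to` are the point.

```pf
# Assumed layout (not from the thread): LAN = em0, WAN1 = em1 (gw 203.0.113.1),
# WAN2 = em2 (gw 198.51.100.1), OpenVPN server interface = ovpns1.
# pfSense user rules are evaluated top-down and are all "quick", so the first
# matching rule decides the packet's fate and later rules never run.

# --- BEFORE: the only LAN rule is the InternetFailover rule (gateway group set) ---
# "route-to" overrides the system routing table. A packet for 192.168.2.0/24
# matches "to any", is forced out the active WAN, and never sees the ovpns1 route.
# (For a failover group pfSense emits the currently active tier's gateway; a
# load-balancing group would list several members and a pool option instead.)
pass in quick on em0 route-to ( em1 203.0.113.1 ) \
    inet from 192.168.168.0/24 to any keep state label "USER_RULE: InternetFailover"

# --- AFTER: a plain pass rule for the remote office ABOVE the failover rule ---
# No gateway means no "route-to": the packet is handed to the routing table,
# which carries 192.168.2.0/24 via ovpns1 because that prefix is in the
# OpenVPN server's "Remote network/s" field.
pass in quick on em0 inet from 192.168.168.0/24 to 192.168.2.0/24 \
    keep state label "USER_RULE: Office2 via OpenVPN"
pass in quick on em0 route-to ( em1 203.0.113.1 ) \
    inet from 192.168.168.0/24 to any keep state label "USER_RULE: InternetFailover"

# The mirror image belongs on the other site's LAN tab
# (from 192.168.2.0/24 to 192.168.168.0/24, no gateway, above any policy-routing
# rule), and the OpenVPN tab at each end still needs a pass rule for the traffic
# arriving through the tunnel, e.g. on the server side:
pass in quick on openvpn inet from 192.168.2.0/24 to 192.168.168.0/24 \
    keep state label "USER_RULE: from Office2 over OpenVPN"
```

Three checks close the loop. `pfctl -sr | grep -n route-to` shows the line number of the first policy-routing rule; the Office2 rule must appear before it. `netstat -rn | grep 192.168.2` must show the remote prefix via ovpns1 (ovpnc1 on the client side); if it is missing, the Remote network/s field is wrong, and if the tunnel network overlaps a LAN (the 192.168.1.0/24 case Phil raised) the route will point at the wrong interface. Finally, pf stores the route-to decision in each state, so traffic that was already flowing keeps going out the WAN after the rule change until those states are cleared (Diagnostics > States > Reset States, or `pfctl -F states`); `tcpdump -ni ovpns1 host 192.168.2.1` then confirms the packets are actually entering the tunnel rather than just being permitted.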

                  Thanks for replying Phil.
You were right about the Failover being the problem.
                  I raised a support ticket and Jim advised adding the following rule before the failover.

                  I also changed my Tunnel network to /30 on advice.

                  Ricky

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.