Netgate Discussion Forum

    Site to Site Question

    • GruensFroeschli

      Your client needs to have 2 IPs too.
      A "real" IP in your LAN2 (whatever subnet you have in LAN2)
      and a "virtual" IP for the VPN.
      In your case the virtual openVPN client should be 192.168.22.x/24

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • b00gz

        I just don't understand why I am getting that error in the logs then

        openvpn[38541]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.22.1 192.168.22.2', remote='ifconfig 10.0.0.1 10.0.0.2'

        • johbra

          Yes, GruensFroeschli, I'm sure it works, I've been using the tunnel for two weeks now  :)

          I've corrected what was wrong though... For me it was that I had configured the "Interface IP" as the same subnet as my LAN subnet on the client side. That is... to correct the problem I configured "Address pool" on the server to the same subnet as "Interface IP" on the client (and that subnet doesn't exist anywhere else).

          • GruensFroeschli

            @b00gz:

            I just don't understand why I am getting that error in the logs then

            openvpn[38541]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.22.1 192.168.22.2', remote='ifconfig 10.0.0.1 10.0.0.2'

            Is this warning on the client side?
            If yes then your settings on the serverside are incorrect. Your current "virtual" IP on the serverside is (in case the warning is on the client side) in the 10.0.0.x subnet but it should be in the 192.168.22.x subnet.
            If you take a look at the server log you will see a similar warning with the IPs in question exchanged.

            • b00gz

              Attached are my server settings and client settings. This is exactly how that documentation reads (I believe). Please let me know what is wrong and why I am getting the errors. I get the errors on both sides.

              Server Error
              openvpn[33890]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.22.1 192.168.22.2', remote='ifconfig 10.0.0.1 10.0.0.2'

              Client Error
              openvpn[34604]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.0.0.2 10.0.0.1', remote='ifconfig 192.168.22.2 192.168.22.1'

              server.JPG
              client.JPG

              • GruensFroeschli

                These settings are a bit inconsistent.

                On your server:

                You specify an IP range which should be assigned dynamically to your clients connecting, but you assign a static IP to the client.
                Either you define a range and then let the IPs be assigned automatically (this is used in a PKI),
                or you set with the "Address pool" field your local IP (in a PSK setup).
                This is maybe a bit confusingly named.
                You have to decide what you want. If you want a site-to-site connection, connecting two LANs, you better use a PSK setup with static IPs. If you have mobile clients connecting you better assign them dynamically.

                You specify on your server a "remote network". Is that the subnet of your second LAN?
                I still don't really understand where you have what subnet.
                I'll explain with IPs I have running between my home and that of a friend:

                me:
                LAN: 172.17.100.x
                VPNserver: 10.0.0.1

                friend:
                LAN: 172.22.100.x
                VPNclient: 10.0.0.2

                So I set on my pfSense (the OpenVPN server) as remote network 172.22.100.0/24

                On your client:

                The interface IP you specify here is a virtual interface.
                It is the endpoint of the tunnel you create. This has to be in the same subnet as you specified on the server. In my example above the client is 10.0.0.2 (while the server is 10.0.0.1).
                Here you specify as remote network the network on the other side of the tunnel (in my case 172.17.100.x).

                I hope this makes it a bit more clear :)

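Added example, not part of any post in this thread: a small Python check that parses the two `'ifconfig' is used inconsistently` warnings quoted above, confirms that the server and client logs describe the same disagreement, and reports which side sits outside the intended tunnel subnet. The function names are hypothetical, the 192.168.22.0/24 tunnel subnet is taken from the first reply as an assumption, and the swapped ordering of the peer's pair is inferred from the two log lines in the thread.

```python
import ipaddress
import re

# Constructed sample input: the two warnings quoted in the thread.
SERVER_LOG = ("openvpn[33890]: WARNING: 'ifconfig' is used inconsistently, "
              "local='ifconfig 192.168.22.1 192.168.22.2', "
              "remote='ifconfig 10.0.0.1 10.0.0.2'")
CLIENT_LOG = ("openvpn[34604]: WARNING: 'ifconfig' is used inconsistently, "
              "local='ifconfig 10.0.0.2 10.0.0.1', "
              "remote='ifconfig 192.168.22.2 192.168.22.1'")

_WARN = re.compile(
    r"'ifconfig' is used inconsistently, "
    r"local='ifconfig ([^\s']+) ([^\s']+)', "
    r"remote='ifconfig ([^\s']+) ([^\s']+)'")


def parse_warning(line):
    """Return {'local': (a, b), 'remote': (c, d)}, or None for other lines."""
    m = _WARN.search(line)
    if m is None:
        return None
    a, b, c, d = (ipaddress.ip_address(x) for x in m.groups())
    return {"local": (a, b), "remote": (c, d)}


def same_mismatch(server_line, client_line):
    """True if the two logs are mirror images of one disagreement."""
    s, c = parse_warning(server_line), parse_warning(client_line)
    if s is None or c is None:
        return False
    # Each log shows the peer's pair in swapped order (seen in the thread).
    return (s["local"] == c["remote"][::-1]
            and s["remote"] == c["local"][::-1])


def sides_outside(line, tunnel_net):
    """List which side(s) of a warning use addresses outside tunnel_net."""
    w = parse_warning(line)
    if w is None:
        return []
    net = ipaddress.ip_network(tunnel_net)  # assumed intended tunnel subnet
    return [side for side in ("local", "remote")
            if not all(ip in net for ip in w[side])]


if __name__ == "__main__":
    print(same_mismatch(SERVER_LOG, CLIENT_LOG))
    print(sides_outside(SERVER_LOG, "192.168.22.0/24"))
    print(sides_outside(CLIENT_LOG, "192.168.22.0/24"))
```

With 192.168.22.0/24 as the intended tunnel subnet, the server log flags its `remote` side and the client log flags its `local` side, so both point at the client's 10.0.0.x interface IP.
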
                • b00gz

                  Doesn't what you just said make the documentation for http://pfsense.untouchable.net/tutorials/openvpn/pfsense-ovpn.pdf wrong?  I am pretty sure I match the documentation for the site to site setup.

                  • GruensFroeschli

                    I wrote an email to the author of the documentation.
                    If you take a close look you see there is a cursor in the screenshot on page 21 in the interface field.
                    I think this is more of a typo than an error ^^"

                    But I think general sense should tell you that two interfaces between which traffic is transferred should be in the same subnet.

                    • b00gz

                      So just to clarify, you are saying that where the cursor is should say 192.168.10.0?

                      • GruensFroeschli

                        yes.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.