Netgate Discussion Forum
    OpenVPN Site-To-Site Firewall/routing issues

    awsiemieniec

      Two sites: Colo and Office

      Colo IP space: 192.168.58.0/24
      Colo pfSense IP: 192.168.58.1

      tunnel IP: 10.1.100.0/30

      Office IP space: 192.168.59.0 /24
      Office pfSense IP: 192.168.59.1

      I'm using OpenVPN Peer-to-Peer (shared key) on two identical pfSense builds (2.1-RELEASE (amd64)).

      Colo is "Server" of the OpenVPN config
      Office is "Client" of the OpenVPN config

      The tunnel is up and established according to the status screen.
      I SSH into the pfSense server at the colo and I am able to ping across the VPN to any address in the 192.168.59.0/24 subnet (office).
      I SSH into the pfSense server at the office and I am only able to ping the IP of the colo pfSense (192.168.58.1). All other pings to colo IPs fail.

      This isn't rocket science but I'm missing something somewhere.  I followed the doc here:
      https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

      I think the problem is a firewall or NAT rule not properly defined.  Can someone look at theirs and post so I can modify mine to match or offer any other ideas?  I've tried so many combinations of rules that now I'm not sure what is working and what isn't.

      UPDATE: Looking at the logs, it appears that the colo pfSense is sending everything over the OpenVPN tunnel in IPv6 format and not IPv4.  I am not allowing IPv6 on either pfSense so I don't know where to turn off IPv6 for the tunnel. (?)

      UPDATE2: Found a lot of these in the colo System Log > OpenVPN:
      openvpn[58697]: read from TUN/TAP : Device not configured (code=6)

      UPDATE3:  Restarting the VPN connection/tunnel resolved the error above.

      Thanks.

      phil.davis

        Not sure if you still have a problem?
        Maybe the firewall rule on Colo OpenVPN tab is only allowing traffic to destination LANaddress, and it should be LANnet?
        Maybe the target servers at Colo have their default gateway something else? so they don't know how to reply back to you through pfSense?
        or ?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

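The two hypotheses in the reply above (an OpenVPN-tab rule whose destination is "LAN address" rather than "LAN net", or Colo hosts whose default gateway is not the pfSense) both reproduce the poster's symptom: only 192.168.58.1 answers from the Office side. The following Python model, added here and not taken from the thread or from pfSense, walks an Office-to-Colo ping through those two checks; the source host 192.168.59.10 and the alternative gateway 192.168.58.254 are constructed values.

```python
import ipaddress

# Constructed model of the thread's topology (not code from the post).
COLO_LAN = ipaddress.ip_network("192.168.58.0/24")
COLO_PFSENSE = ipaddress.ip_address("192.168.58.1")
OFFICE_LAN = ipaddress.ip_network("192.168.59.0/24")

# The two destination choices in the pfSense rule editor that the reply contrasts.
LAN_ADDRESS = ipaddress.ip_network("192.168.58.1/32")  # "LAN address": pfSense only
LAN_NET = ipaddress.ip_network("192.168.58.0/24")      # "LAN net": whole Colo subnet


def rule_admits(rule_dest, dst):
    """Pass rule on the Colo OpenVPN tab: source any, destination rule_dest."""
    return ipaddress.ip_address(dst) in rule_dest


def has_return_route(target, target_gateway):
    """A Colo host can answer an Office ping only if its default gateway is the
    pfSense that terminates the tunnel (static routes are not modelled).  The
    pfSense itself owns the tunnel route, so it answers regardless."""
    target = ipaddress.ip_address(target)
    if target == COLO_PFSENSE:
        return True
    return ipaddress.ip_address(target_gateway) == COLO_PFSENSE


def diagnose(rule_dest, target, target_gateway, src="192.168.59.10"):
    """Explain why an Office host pinging a Colo host does or does not get a reply."""
    if ipaddress.ip_address(src) not in OFFICE_LAN:
        return "source is not in the Office LAN"
    if not rule_admits(rule_dest, target):
        return "blocked: OpenVPN rule destination does not cover target"
    if not has_return_route(target, target_gateway):
        return "no reply: target's default gateway is not the Colo pfSense"
    return "ok"


if __name__ == "__main__":
    # Symptom from the post: only 192.168.58.1 answers from the Office side.
    for target, gw in (("192.168.58.1", "192.168.58.1"), ("192.168.58.50", "192.168.58.1")):
        print("LAN address rule ->", target, diagnose(LAN_ADDRESS, target, gw))
        print("LAN net rule     ->", target, diagnose(LAN_NET, target, gw))
    # Second hypothesis: rule is right but the host routes replies elsewhere.
    print("wrong gateway    ->", diagnose(LAN_NET, "192.168.58.50", "192.168.58.254"))
```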
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.