Netgate Discussion Forum

    Site-to-Site tunnel timing out from satellite office side [RESOLVED]

      cgill27

      I'm setting up a satellite office to our home office, and on the home office side I see the "Initialization Sequence Completed" message, indicating that from its point of view the openvpn tunnel is up, but the satellite office side stops at "May 12 14:32:16 openvpn[51867]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1195" and then its next message is "May 12 14:33:17 openvpn[51867]: [UNDEF] Inactivity timeout (--ping-restart), restarting"

      Anybody have any idea why the satellite office side just times out connecting?  (I do have a pass firewall rule in place on the home office pfsense)

      home office pfsense 2.1.2 amd64 "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014"
      satellite office pfsense 2.1.3 nanobsd (netgate apu4) "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 15 2014"

      Below is my pasted in config of the home office and satellite office:

      home office:
      dev ovpns2
      dev-type tun
      tun-ipv6
      dev-node /dev/tun2
      writepid /var/run/openvpn_server2.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local xxx.xxx.xxx.xxx
      tls-server
      server 192.168.155.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      ifconfig 192.168.155.1 192.168.155.2
      tls-verify /var/etc/openvpn/server2.tls-verify.php
      lport 1195
      management /var/etc/openvpn/server2.sock unix
      ca /var/etc/openvpn/server2.ca
      cert /var/etc/openvpn/server2.cert
      key /var/etc/openvpn/server2.key
      dh /etc/dh-parameters.1024
      tls-auth /var/etc/openvpn/server2.tls-auth 0
      route 192.168.1.0 255.255.255.0
      push "route 192.168.0.0 255.255.255.0"
      route 192.168.2.0 255.255.255.0
      push "route 10.10.4.0 255.255.255.0"

      satellite office:
      dev ovpnc1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local xxx.xxx.xxx.xxx
      tls-client
      client
      lport 0
      management /var/etc/openvpn/client1.sock unix
      remote xxx.xxx.xxx.xxx 1195
      ifconfig 192.168.155.2 192.168.155.1
      route 192.168.0.0 255.255.255.0
      route 10.10.4.0 255.255.255.0
      ca /var/etc/openvpn/client1.ca
      cert /var/etc/openvpn/client1.cert
      key /var/etc/openvpn/client1.key
      tls-auth /var/etc/openvpn/client1.tls-auth 1

      The home office pfsense also has 100 or so laptop openvpn remote access users connecting to it on port 1194.

        cgill27

        The vpn tunnel is working fine now.

        On the home pfsense firewall, it is a dual pfsense firewall using CARP for virtual IPs. The issue was that my openvpn config on the home pfsense side was not listening on the CARP virtual IP but the real IP; once I changed it to the CARP IP the tunnel came right up.

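The mismatch described in the resolution can be caught before bringing the tunnel up by cross-checking the two configs. The following is an added example, not code from the thread or from pfSense; the function names are hypothetical, the addresses are constructed documentation values, and it assumes the client dials the CARP virtual IP and that no NAT sits in front of the server.

```python
def parse(text):
    """Map each directive to the arguments of its first occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            conf.setdefault(name, args)
    return conf

def tls_auth_direction(conf):
    args = conf.get("tls-auth", [])
    return args[1] if len(args) > 1 else None

def check_pair(server_text, client_text, carp_vips=()):
    """Return a list of mismatches between a server config and a client config."""
    s, c = parse(server_text), parse(client_text)
    problems = []
    remote = c.get("remote", [])
    dial_ip = remote[0] if remote else None
    dial_port = remote[1] if len(remote) > 1 else "1194"
    bind_ip = s.get("local", [None])[0]
    bind_port = (s.get("lport") or s.get("port") or ["1194"])[0]
    # Plain string comparison: assumes literal IPs and no NAT in front of the server.
    if bind_ip and dial_ip and bind_ip != dial_ip:
        problems.append(f"address: server binds {bind_ip}, client dials {dial_ip}")
    if carp_vips and bind_ip and bind_ip not in carp_vips:
        problems.append(f"carp: server binds {bind_ip}, which is not a CARP VIP")
    if bind_port != dial_port:
        problems.append(f"port: server {bind_port}, client {dial_port}")
    for key in ("proto", "cipher"):
        if s.get(key) != c.get(key):
            problems.append(f"{key}: server {s.get(key)}, client {c.get(key)}")
    dirs = {tls_auth_direction(s), tls_auth_direction(c)}
    if ("tls-auth" in s) != ("tls-auth" in c) or dirs not in ({"0", "1"}, {None}):
        problems.append("tls-auth: key directions are not complementary")
    return problems

# Constructed sample configs; 203.0.113.x are documentation addresses.
CARP_VIP, NODE_IP = "203.0.113.10", "203.0.113.11"
SERVER_BEFORE = f"""proto udp
cipher AES-128-CBC
local {NODE_IP}
lport 1195
tls-auth /var/etc/openvpn/server2.tls-auth 0
"""
CLIENT = f"""proto udp
cipher AES-128-CBC
remote {CARP_VIP} 1195
tls-auth /var/etc/openvpn/client1.tls-auth 1
"""
SERVER_AFTER = SERVER_BEFORE.replace(NODE_IP, CARP_VIP)
```
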