Site-to-Site tunnel timing out from satellite office side [RESOLVED]



  • I'm setting up a satellite office to our home office, and on the home office side I see the "Initialization Sequence Completed" message, indicating that from its point of view the OpenVPN tunnel is up, but the satellite office side stops at "May 12 14:32:16 openvpn[51867]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1195" and then its next message is "May 12 14:33:17 openvpn[51867]: [UNDEF] Inactivity timeout (--ping-restart), restarting"

    Does anybody have any idea why the satellite office side just times out connecting? (I do have a pass firewall rule in place on the home office pfSense.)

    home office pfsense 2.1.2 amd64 "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014"
    satellite office pfsense 2.1.3 nanobsd (netgate apu4) "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 15 2014"

    Below is my pasted-in config of the home office and satellite office:

    home office:
    dev ovpns2
    dev-type tun
    tun-ipv6
    dev-node /dev/tun2
    writepid /var/run/openvpn_server2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local xxx.xxx.xxx.xxx
    tls-server
    server 192.168.155.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    ifconfig 192.168.155.1 192.168.155.2
    tls-verify /var/etc/openvpn/server2.tls-verify.php
    lport 1195
    management /var/etc/openvpn/server2.sock unix
    ca /var/etc/openvpn/server2.ca
    cert /var/etc/openvpn/server2.cert
    key /var/etc/openvpn/server2.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server2.tls-auth 0
    route 192.168.1.0 255.255.255.0
    push "route 192.168.0.0 255.255.255.0"
    route 192.168.2.0 255.255.255.0
    push "route 10.10.4.0 255.255.255.0"

    satellite office:
    dev ovpnc1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local xxx.xxx.xxx.xxx
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote xxx.xxx.xxx.xxx 1195
    ifconfig 192.168.155.2 192.168.155.1
    route 192.168.0.0 255.255.255.0
    route 10.10.4.0 255.255.255.0
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1

    The home office pfSense also has 100 or so laptop OpenVPN remote access users connecting to it on port 1194.



  • The VPN tunnel is working fine now.

    The home pfSense firewall is a dual pfSense firewall using CARP for virtual IPs. The issue was that my OpenVPN config on the home pfSense side was not listening on the CARP virtual IP but on the real IP; once I changed it to the CARP IP, the tunnel came right up.
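
The mismatch described in the resolution can be caught before deployment by comparing the two configs. The following is an added example, not part of the original thread or of pfSense/OpenVPN: a small checker that parses a server/client config pair and flags a server `local` address that differs from the client's `remote` or from the CARP virtual IP. The addresses (documentation range 198.51.100.0/24), the sample configs, and the function names are constructed for illustration.

```python
# Constructed sample configs modelled on the directives posted above.
SERVER = """\
proto udp
cipher AES-128-CBC
local 198.51.100.11
lport 1195
tls-auth /var/etc/openvpn/server2.tls-auth 0
"""
CLIENT = """\
proto udp
cipher AES-128-CBC
lport 0
remote 198.51.100.10 1195
tls-auth /var/etc/openvpn/client1.tls-auth 1
"""
CARP_VIP = "198.51.100.10"  # assumed virtual IP shared by the CARP pair

def parse(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments such as '#user nobody'
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def check_pair(server_text, client_text, carp_vip=None):
    """Return findings for a site-to-site pair; assumes IP literals and UDP."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    local = (srv.get("local") or [None])[0]
    port = (srv.get("lport") or srv.get("port") or ["1194"])[0]
    remote = cli.get("remote") or [None]
    r_ip = remote[0]
    r_port = remote[1] if len(remote) > 1 else "1194"
    if local and r_ip and local != r_ip:
        findings.append(f"server listens on {local} but client dials {r_ip}")
    if local and carp_vip and local != carp_vip:
        findings.append(f"server 'local' {local} is not the CARP VIP {carp_vip}")
    if port != r_port:
        findings.append(f"port mismatch: server {port}, client {r_port}")
    for key in ("proto", "cipher"):
        if srv.get(key) != cli.get(key):
            findings.append(f"{key} mismatch: {srv.get(key)} vs {cli.get(key)}")
    # tls-auth key directions must be complementary (0 on one end, 1 on the other).
    s_dir, c_dir = (c.get("tls-auth", [])[1:2] for c in (srv, cli))
    if s_dir and c_dir and s_dir == c_dir:
        findings.append(f"tls-auth key direction is {s_dir[0]} on both ends")
    return findings

if __name__ == "__main__":
    for finding in check_pair(SERVER, CLIENT, CARP_VIP):
        print("FINDING:", finding)
```
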

