Site-to-Site tunnel timing out from satellite office side [RESOLVED]

cgill27

I'm setting up a satellite office to our home office and on the home office side I see the "Initialization Sequence Completed" message indicated from its point of view the openvpn tunnel is up but the satellite office side stops at "May 12 14:32:16 openvpn[51867]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1195" and then its next message is "May 12 14:33:17 openvpn[51867]: [UNDEF] Inactivity timeout (–ping-restart), restarting"

Anybody have any idea why it the satellite office side just times out connecting?  (I do have a pass firewall rule in place on the home office pfsense)

home office pfsense 2.1.2 amd64 "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 27 2014"
satellite office pfsense 2.1.3 nanobsd (netgate apu4) "OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 15 2014"

Below is my pasted in config of the home office and satellite office:

home office:
dev ovpns2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local xxx.xxx.xxx.xxx
tls-server
server 192.168.155.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
ifconfig 192.168.155.1 192.168.155.2
tls-verify /var/etc/openvpn/server2.tls-verify.php
lport 1195
management /var/etc/openvpn/server2.sock unix
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server2.tls-auth 0
route 192.168.1.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
route 192.168.2.0 255.255.255.0
push "route 10.10.4.0 255.255.255.0"

satellite office:
dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local xxx.xxx.xxx.xxx
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote xxx.xxx.xxx.xxx 1195
ifconfig 192.168.155.2 192.168.155.1
route 192.168.0.0 255.255.255.0
route 10.10.4.0 255.255.255.0
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1

The home office pfsense also has a 100 or so laptop openvpn remote access users connecting to it on port 1194

cgill27

The vpn tunnel is working fine now.

On the home pfsense firewall, it is a dual pfsense firewall using CARP for virtual ip's, the issue was my openvpn config on the home pfsense side was not listening on the CARP virtual ip but the real ip, once I changed it to the CARP ip the tunnel came right up.