• Hello all, I am new to this forum and to using pfSense. Now that I have gotten that out of the way, I am having problems with a site-to-site connection which I met in place. The site-to-site connection is established using OpenVPN; Site A is configured as the server and Site B is the client. Site B can access all of Site A's servers and make calls to the Site A office using a 4 digit extension.

    Moreover, Site A can touch resources on Site B such as printers and computers. However, Site A cannot make calls to Site B using the four digit extension. Can someone help with this?

    Please note that two-way communication with the phone system worked before the site-to-site VPN was established.

  • Banned


    Can someone help with this?

    Not with this amount of info about the "four digit extension" phone system in place.

  • Both sites have their own PBX for telecommunications purposes. It is my understanding that a layer 2 connection was used to connect both sites and either site could have contacted the other using a four digit extension. However, to reduce cost the layer 2 connection was taken out and a pfSense site-to-site OpenVPN was established. Now site B can contact site A with their four digit extension, but site A cannot contact Site B via four digit extension. Moreover, Site A can touch the resources in site B such as computers, firewall, printers.

  • If there used to be layer 2 then I guess the subnets are the same at both sites.

    Is the OpenVPN site-to-site in tap (bridging) or tun (tunnel) mode?

    What are the LAN subnets at each end?

    What is the OpenVPN tunnel network?

    What do you have in the "Local Network/s" and "Remote Network/s" fields of the OpenVPN settings at each end?

    What are the firewall rules on OpenVPN and LAN on each pfSense?

  • OpenVPN is in tunnel mode.

    LAN subnets are as follows

    Site A Server (local)
    Site B Client (Remote)

    OpenVPN Tunnel

    On the client it does not provide a field for local, just remote and tunnel.
    OpenVPN firewall rules: allow all, any destination, any port

  • Banned

    172.200.x.x is NOT a usable RFC1918 address range. You can use IPs within 172.16/12, not this.

    NetRange: -
    CIDR: ,,
    NetName:        AOL-172BLK-2
    NetHandle:      NET-172-200-0-0-1
    Parent:         NET172 (NET-172-0-0-0-0)
    NetType:        Direct Allocation
    Organization:   AOL Inc. (AOLIN-1)
    RegDate:        2002-02-13
    Updated:        2014-05-19
    Ref:            http://whois.arin.net/rest/net/NET-172-200-0-0-1
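
Added example (not part of the thread and not any poster's code): a pre-flight check for a site-to-site addressing plan, covering the two points raised above, that every LAN and tunnel network sits inside an RFC 1918 block and that no two of them overlap. The function name and all subnet values are constructed for illustration; only the 172.200.x.x range comes from the thread.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 private blocks. ipaddress.is_private is deliberately not
# used: it also accepts link-local, documentation and other special ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Return a list of problems for a {name: CIDR} addressing plan."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            # strict=True rejects host bits set in the prefix, e.g. 172.16.1.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid network {cidr!r} ({exc})")
            continue
        nets[name] = net
        if net.version != 4 or not any(net.subnet_of(b) for b in RFC1918):
            problems.append(f"{name}: {net} is outside RFC 1918 space")
    # Routed (tun) mode needs distinct networks at each end and for the tunnel.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} and {b} overlap: {na} / {nb}")
    return problems


# Constructed sample plans (assumed values, not the posters' real subnets).
BEFORE = {"site_a_lan": "172.200.1.0/24", "site_b_lan": "172.200.2.0/24",
          "tunnel": "10.0.8.0/24"}
AFTER = {"site_a_lan": "172.16.1.0/24", "site_b_lan": "172.16.2.0/24",
         "tunnel": "10.0.8.0/24"}
SAME_LAN = {"site_a_lan": "192.168.1.0/24", "site_b_lan": "192.168.1.0/24",
            "tunnel": "10.0.8.0/24"}

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER),
                        ("same LAN both ends", SAME_LAN)):
        print(label, check_plan(plan) or "OK")
```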

  • Ok I just made changes

    Site A

    Site B

    However, I am still unable to make communication via telephone from site A. The network aspect is fine on both sites.

  • Assuming there is a straightforward setup at each end, you either have a routing, firewall, NAT, DNS or application (phone system) issue. You've stated that both sides can access each other's resources, so the networking should be in place, but I hate to assume, so we need more details:

    • Post a network map, so we have a better idea of how things are connected.

    • Post the server1.conf from server and the client1.conf from the client.

    • Post a screenshot of the firewall rules from the LAN tab and OpenVPN tab on each end.

    • What kind of phone system is being used and what is it running on?

    • Are there any blocks in the logs at either end?