Netgate Discussion Forum

    Open VPN Site-to-Site

      akeem1985

      Hello all, I am new to this forum and to using pfSense. Now that I have gotten that out of the way, I am having problems with a site-to-site connection which I met in place. The site-to-site connection is established using OpenVPN; Site A is configured as the server and Site B is the client. Site B can access all of Site A's servers and make calls to the Site A office using a 4-digit extension.

      Moreover, Site A can touch resources on Site B such as printers and computers. However, Site A cannot make calls to Site B using the four digit extension. Can someone help with this?

      Please note that two-way communication with the phone system worked before the site-to-site VPN was established.

        doktornotor Banned

        @akeem1985:

        Can someone help with this?

        Not with this amount of info about the "four digit extension" phone system in place.

          akeem1985

          Both sites have their own PBX for telecommunications purposes. It is my understanding that a layer 2 connection was used to connect both sites, and either site could have contacted the other using a four-digit extension. However, to reduce cost, the layer 2 connection was taken out and a pfSense site-to-site OpenVPN was established. Site B can contact Site A with their four-digit extension; however, Site A cannot contact Site B via four-digit extension. Moreover, Site A can touch the resources in Site B such as computers, firewall, printers.

            phil.davis

            If there used to be layer 2 then I guess the subnets are the same at both sites.

            Is the OpenVPN site-to-site in tap (bridging) or tun (tunnel) mode?

            What are the LAN subnets at each end?

            What is the OpenVPN tunnel network?

            What do you have in the "Local Network/s" and "Remote Network/s" fields of the OpenVPN settings at each end?

            What are the firewall rules on OpenVPN and LAN on each pfSense?

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              akeem1985

              OpenVPN is in tunnel mode.

              LAN subnets are as follows:

              Site A Server 172.200.3.0/24 (local)
              Site B Client 172.200.4.0/24 (Remote)

              OpenVPN Tunnel
              10.200.10.0/24

              On the client it does not provide a field for local, just remote and tunnel.
              OpenVPN firewall rules: allow all, any destination, any port.

                doktornotor Banned

                172.200.x.x is NOT a usable RFC1918 address range. You can use IPs within 172.16/12, not this.

                NetRange:       172.200.0.0 - 172.216.255.255
                CIDR:           172.200.0.0/13, 172.208.0.0/13, 172.216.0.0/16
                NetName:        AOL-172BLK-2
                NetHandle:      NET-172-200-0-0-1
                Parent:         NET172 (NET-172-0-0-0-0)
                NetType:        Direct Allocation
                OriginAS:       
                Organization:   AOL Inc. (AOLIN-1)
                RegDate:        2002-02-13
                Updated:        2014-05-19
                Ref:            http://whois.arin.net/rest/net/NET-172-200-0-0-1
                
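Added example, not part of the original posts: a small Python audit of a site-to-site addressing plan that flags networks outside the three RFC 1918 blocks and networks that overlap each other (the same-subnet-at-both-sites case raised earlier in the thread). The function name `audit_vpn_networks` and the labels are assumptions made for this example; the CIDR values are the ones posted in the thread.

```python
import ipaddress

# The three RFC 1918 private blocks. The ipaddress module's is_private flag
# is broader (loopback, link-local, documentation ranges, ...), so the check
# is made against this explicit list instead.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_vpn_networks(networks):
    """Return a list of findings for a {label: CIDR} mapping.

    Flags any network that is not inside RFC 1918 space and any pair of
    networks that overlap (ambiguous routes in a routed/tun setup).
    """
    # strict=True rejects CIDRs with host bits set, e.g. 172.16.3.1/24.
    parsed = {label: ipaddress.ip_network(cidr, strict=True)
              for label, cidr in networks.items()}
    findings = []
    for label, net in parsed.items():
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(f"{label}: {net} is not inside RFC 1918 space")
    labels = list(parsed)
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                findings.append(
                    f"{a} and {b} overlap: {parsed[a]} / {parsed[b]}")
    return findings


# Addressing as first posted in the thread.
ORIGINAL = {"Site A LAN": "172.200.3.0/24",
            "Site B LAN": "172.200.4.0/24",
            "OpenVPN tunnel": "10.200.10.0/24"}

# Addressing after the renumbering reported later in the thread.
RENUMBERED = {"Site A LAN": "172.16.3.0/24",
              "Site B LAN": "172.16.4.0/24",
              "OpenVPN tunnel": "10.200.10.0/24"}

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("renumbered", RENUMBERED)):
        print(name, audit_vpn_networks(plan) or "ok")
```
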
                  akeem1985

                  Ok I just made changes

                  Site A 172.16.3.0/24

                  Site B 172.16.4.0/24

                  However, I am still unable to make communication via telephone from Site A. The network aspect is fine on both sites.

                    marvosa

                    Assuming there is a straightforward setup at each end, you either have a routing, firewall, NAT, DNS or application (phone system) issue. You've stated that both sides can access each other's resources, so the networking should be in place, but I hate to assume, so we need more details:

                    • Post a network map, so we have a better idea of how things are connected.

                    • Post the server1.conf from server and the client1.conf from the client.

                    • Post a screenshot of the firewall rules from the LAN tab and OpenVPN tab on each end.

                    • What kind of phone system is being used and what is it running on?

                    • Are there any blocks in the logs at either end?
