Open VPN Site-to-Site



  • Hello all, I am new to this forum and to using pfSense. Now that I have gotten that out of the way, I am having problems with a site-to-site connection which I met in place. The site-to-site connection was established using OpenVPN; Site A is configured as the server and Site B is the client. Site B can access all of Site A's servers and make calls to the Site A office using a 4 digit extension.

    Moreover, Site A can touch resources on Site B such as printers and computers. However, Site A cannot make calls to Site B using the four digit extension. Can someone help with this?

    Please note that two way communication with the phones system worked before the site-to-site vpn was established.


  • Banned

    @akeem1985:

    Can someone help with this?

    Not with this amount of info about the "four digit extension" phone system in place.



  • Both sites have their own PBX for telecommunications purposes. It is my understanding that a layer 2 connection was used to connect both sites and either site could contact the other using a four digit extension. However, to reduce cost the layer 2 connection was taken out and a pfSense site-to-site OpenVPN was established. Site B can contact Site A with their four digit extension, but Site A cannot contact Site B via four digit extension. Moreover, Site A can touch the resources in Site B such as computers, firewall and printers.



  • If there used to be layer 2 then I guess the subnets are the same at both sites.

    Is the OpenVPN site-to-site in tap (bridging) or tun (tunnel) mode?

    What are the LAN subnets at each end?

    What is the OpenVPN tunnel network?

    What do you have in the "Local Network/s" and "Remote Network/s" fields of the OpenVPN settings at each end?

    What are the firewall rules on OpenVPN and LAN on each pfSense?



  • OpenVPN is in tunnel mode

    LAN subnets are as follows

    Site A Server 172.200.3.0/24 (local)
    Site B Client 172.200.4.0/24 (Remote)

    OpenVPN Tunnel
    10.200.10.0/24

    On the client it does not provide a field for local, just remote and tunnel
    OpenVPN Firewall Rules: Allow all, any destination, any port


  • Banned

    172.200.x.x is NOT a usable RFC1918 address range. You can use IPs within 172.16/12, not this.

    NetRange:       172.200.0.0 - 172.216.255.255
    CIDR:           172.200.0.0/13, 172.208.0.0/13, 172.216.0.0/16
    NetName:        AOL-172BLK-2
    NetHandle:      NET-172-200-0-0-1
    Parent:         NET172 (NET-172-0-0-0-0)
    NetType:        Direct Allocation
    OriginAS:       
    Organization:   AOL Inc. (AOLIN-1)
    RegDate:        2002-02-13
    Updated:        2014-05-19
    Ref:            http://whois.arin.net/rest/net/NET-172-200-0-0-1
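
The addressing check raised in the post above, as an added example that is not part of the original thread: it audits a site-to-site plan for subnets outside the RFC 1918 blocks and for overlapping ranges. The function name `audit_plan` and the plan labels are hypothetical, and the revised plan assumes the tunnel network was left unchanged.

```python
import ipaddress
from itertools import combinations

# The three private IPv4 blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_plan(plan):
    """Return a list of findings for a {name: CIDR} site-to-site address plan."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    findings = []
    for name, net in nets.items():
        # ipaddress's is_private also covers special ranges that are not
        # RFC 1918, so test containment in the three blocks explicitly.
        if not any(net.subnet_of(block) for block in RFC1918):
            findings.append(f"{name} {net} is outside RFC 1918 private space")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        # Overlapping LAN or tunnel ranges make routes across the VPN ambiguous.
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    return findings


# Address plans as posted in the thread, before and after the change.
ORIGINAL = {"Site A LAN": "172.200.3.0/24",
            "Site B LAN": "172.200.4.0/24",
            "OpenVPN tunnel": "10.200.10.0/24"}
# Assumption: the tunnel network stayed the same after the LANs were renumbered.
REVISED = {"Site A LAN": "172.16.3.0/24",
           "Site B LAN": "172.16.4.0/24",
           "OpenVPN tunnel": "10.200.10.0/24"}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, audit_plan(plan) or "OK")
```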
    


  • OK, I just made changes

    Site A 172.16.3.0/24

    Site B 172.16.4.0/24

    However, I am still unable to make communication via telephone from Site A. The network aspect is fine on both sites.



  • Assuming there is a straightforward setup at each end, you either have a routing, firewall, NAT, DNS or application (phone system) issue.  You've stated that both sides can access each other's resources, so the networking should be in place, but I hate to assume, so we need more details:

    • Post a network map, so we have a better idea of how things are connected.

    • Post the server1.conf from server and the client1.conf from the client.

    • Post a screenshot of the firewall rules from the LAN tab and OpenVPN tab on each end.

    • What kind of phone system is being used and what is it running on?

    • Are there any blocks in the logs at either end?

