Open VPN Site-to-Ste
Hello all, I am new to this forum and using pfsense. Now that I have gotten that out the way I am having problems with a site-to-site connection which I meet in place. The site-to-site connection established using openvpn Site A is configured as the server Site B is the client. Site B can access all of Site A servers and make calls to site A office using a 4 digit extension.
Moreover, Site A can touch resources on Site B such as printers and computers. However, Site A cannot make calls to Site B using the four digit extension. Can someone help with this?
Please note that two way communication with the phones system worked before the site-to-site vpn was established.
doktornotor Banned last edited by
Can someone help with this?
Not with this amount of info about the "four digit extension" phone system in place.
Both Sites have its own PBX for telecommunications purposes. It is to my understanding that a layer 2 connection was used to connect both sites and either sites could have contacted each other using a four digit extension. However to reduce cost the layer 2 connection was taken out and pfsense site-to-site openvpn was established. However, site B can contact site A with there four digit extension however site A cannot contact Site B via four digit extension. Moreover Site A can touch the resources in site B such as computers firewall, printers.
phil.davis last edited by
If there used to be layer 2 then I guess the subnets are the same at both sites.
Is the OpenVPN site-to-site in tap (bridging) or tun (tunnel) mode?
What are the LAN subnets at each end?
What is the OpenVPN tunnel network?
What do you have in "Local Network/s" and "Remote Network/s" fields OpenVPN settings at each end?
What are the firewall rules on OpenVPN and LAN one each pfSense?
Open VPN is in tunnel mode
Lan subnets are as follows
Site A Server 184.108.40.206/24 (local)
Site B Client 220.127.116.11/24 (Remote)
On the client it do not provide a field for local just remote and tunnel
OpenVPN Firewall Rules Allow all any destination any port
doktornotor Banned last edited by
172.200.x.x is NOT a usable RFC1918 address range. You can use IPs withing 172.16/12, not this.
NetRange: 18.104.22.168 - 22.214.171.124 CIDR: 126.96.36.199/13, 188.8.131.52/13, 184.108.40.206/16 NetName: AOL-172BLK-2 NetHandle: NET-172-200-0-0-1 Parent: NET172 (NET-172-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: AOL Inc. (AOLIN-1) RegDate: 2002-02-13 Updated: 2014-05-19 Ref: http://whois.arin.net/rest/net/NET-172-200-0-0-1
Ok I just made changes
Site A 172.16.3.0/24
Site B 172.16.4.0/24
However, I am still unable to make communication via telephone from site A. The network aspect is fine on both sites
marvosa last edited by
Assuming there is a straight forward setup at each end, you either have a routing, firewall, NAT, DNS or application (phone system) issue. You've stated that both sides can access each other's resources, so the networking should be in place, but I hate to assume, so we need more details:
Post a network map, so we have a better idea of how things are connected.
Post the server1.conf from server and the client1.conf from the client.
Post a screen shot of the firewall rules from the LAN tab and OpenVPN tab on each end
What kind of phone system is being used and what is it running on?
Are there any blocks in the logs at either end?