Open VPN Site-to-Site
-
Hello all, I am new to this forum and to using pfSense. Now that I have gotten that out of the way, I am having problems with a site-to-site connection which I meet in place. The site-to-site connection is established using OpenVPN; Site A is configured as the server and Site B is the client. Site B can access all of Site A's servers and make calls to the Site A office using a 4 digit extension.
Moreover, Site A can touch resources on Site B such as printers and computers. However, Site A cannot make calls to Site B using the four digit extension. Can someone help with this?
Please note that two-way communication with the phone system worked before the site-to-site VPN was established.
-
Can someone help with this?
Not with this amount of info about the "four digit extension" phone system in place.
-
Both sites have their own PBX for telecommunications purposes. It is my understanding that a layer 2 connection was used to connect both sites, and either site could contact the other using a four digit extension. However, to reduce cost the layer 2 connection was taken out and a pfSense site-to-site OpenVPN was established. Now Site B can contact Site A with their four digit extension, but Site A cannot contact Site B via four digit extension. Moreover, Site A can touch the resources in Site B such as computers, firewall and printers.
-
If there used to be layer 2 then I guess the subnets are the same at both sites.
Is the OpenVPN site-to-site in tap (bridging) or tun (tunnel) mode?
What are the LAN subnets at each end?
What is the OpenVPN tunnel network?
What do you have in "Local Network/s" and "Remote Network/s" fields OpenVPN settings at each end?
What are the firewall rules on OpenVPN and LAN on each pfSense?
-
Open VPN is in tunnel mode
LAN subnets are as follows
Site A Server 172.200.3.0/24 (local)
Site B Client 172.200.4.0/24 (Remote)
OpenVPN Tunnel 10.200.10.0/24
On the client it does not provide a field for local, just remote and tunnel
OpenVPN Firewall Rules: Allow all, any destination, any port
-
172.200.x.x is NOT a usable RFC1918 address range. You can use IPs within 172.16/12, not this.
NetRange: 172.200.0.0 - 172.216.255.255
CIDR: 172.200.0.0/13, 172.208.0.0/13, 172.216.0.0/16
NetName: AOL-172BLK-2
NetHandle: NET-172-200-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: AOL Inc. (AOLIN-1)
RegDate: 2002-02-13
Updated: 2014-05-19
Ref: http://whois.arin.net/rest/net/NET-172-200-0-0-1
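The addressing point in the reply above, as an added example that is not part of the thread: a Python check that every network in a site-to-site plan lies inside RFC 1918 space and that no two networks overlap. The `check_plan` helper and the plan labels are hypothetical; the subnets are the ones posted in the thread.

```python
import ipaddress
from itertools import combinations

# The three RFC 1918 private-use blocks. Note 172.16.0.0/12 ends at 172.31.255.255.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """plan maps a label to an IPv4 CIDR string; returns a list of problems."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{name}: invalid network {cidr!r} ({exc})")
            continue
        nets[name] = net
        # ip_network.is_private also accepts non-RFC 1918 special ranges,
        # so test containment in the three blocks explicitly.
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name}: {net} is outside RFC 1918 space")
    # LANs and the tunnel network must be disjoint for routing to be unambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} ({na}) overlaps {b} ({nb})")
    return problems

# Subnets as first posted in the thread (labels are hypothetical).
ORIGINAL_PLAN = {
    "Site A LAN": "172.200.3.0/24",
    "Site B LAN": "172.200.4.0/24",
    "OpenVPN tunnel": "10.200.10.0/24",
}
# Subnets after the poster's later change.
CORRECTED_PLAN = {
    "Site A LAN": "172.16.3.0/24",
    "Site B LAN": "172.16.4.0/24",
    "OpenVPN tunnel": "10.200.10.0/24",
}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("corrected", CORRECTED_PLAN)):
        issues = check_plan(plan)
        print(label, "->", issues if issues else "OK")
```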
-
Ok I just made changes
Site A 172.16.3.0/24
Site B 172.16.4.0/24
However, I am still unable to make communication via telephone from Site A. The network aspect is fine on both sites.
-
Assuming there is a straightforward setup at each end, you either have a routing, firewall, NAT, DNS or application (phone system) issue. You've stated that both sides can access each other's resources, so the networking should be in place, but I hate to assume, so we need more details:
- Post a network map, so we have a better idea of how things are connected.
- Post the server1.conf from the server and the client1.conf from the client.
- Post a screenshot of the firewall rules from the LAN tab and OpenVPN tab on each end.
- What kind of phone system is being used and what is it running on?
- Are there any blocks in the logs at either end?
-