Site to Site stops working



  • I followed this guide https://www.youtube.com/watch?v=OeYtoM2VSzI to set up a site to site OpenVPN connection between my pfSense 2.2 and my dad's.  Both sites are basically as installed with the RRD Summary package as the only modification.  Its purpose is so I can back up my file server to his (I set up everything).  I set up his to be the server with a private network of 192.168.1.0/24 and a VPN network of 10.0.0.0/24, with my pfSense being 192.168.0.0/24.  The VPN gets established as shown in the video.  I was able to ping and open the web interface on my dad's router and everything seemed to be working as expected.  I tried pinging the server IP on his network and didn't get a reply.  I also found that I couldn't connect to my own web interface any longer, nor could I ping the router.  Obviously, something with my configuration isn't quite right.  I thought I might be able to "undo" the issue by pulling my WAN connection and killing the VPN.  It didn't fix the issue.  Even after a reboot with the WAN disconnected, I couldn't connect to the router, or ping it.  Clients were unable to receive DHCP offers from the router as well.  One interesting thing is that from the console, I was able to ping my clients successfully, however they were unable to ping it.

    I'm quite a noob when it comes to VPN and routing.  I don't know how to disable the interface from the console, and don't even know if that would have resolved it.  What I ended up doing to restore service was to restore my pfSense and then restore from the backup I took before I started making changes.  After doing so, everything worked as it did prior to making the changes I made.  I am using TeamViewer to remotely connect to my dad's server and then using a browser on it to manage/configure his router.  I don't know if this is causing the issue once the VPN is established.  His router is functioning properly after I restored mine.  I do not know if he had any connectivity issues.  He's very old and uses the internet to check his email, and to support his VOIP phone lines.

    Any thoughts as to what might be going on?  I'm sure there are probably things that I don't know how to do at the console that may explain things, or at least try to get back to a working state.  If anyone has suggestions, I would appreciate it.

    Thanks


  • LAYER 8 Netgate

    I just watched that video.  My only comment is the WAN rule on the client is unnecessary.  Connections are made from the client to the server.  Only the server needs the rule on WAN to allow inbound connections.

    I assume you must have some conflicting/overlapping networks.  You might want to just list the details like:

    Site 1:
    LAN:
    OpenVPN Tunnel Network:

    Site 2:
    LAN:
    OpenVPN Tunnel Network:

    Listing the IP schemes at both.

    You might also want to post the /var/etc/openvpn/serverX.conf and clientX.conf and/or screenshots of your OpenVPN config pages and OpenVPN and LAN firewall rules.



  • Well, I decided to try it again and it worked, and has continued working.  I have already transferred 1 GB across the VPN without the issues I saw last time.  FYI, my info is as follows:

    Site1:
    LAN: 192.168.1.0/24
    OpenVPN Tunnel Network: 10.0.0.0/30 - assigned IP 10.0.0.1

    Site2:
    LAN: 192.168.0.0/24
    OpenVPN Tunnel Network: 10.0.0.0/30 - assigned IP 10.0.0.2

    There is only one network at each site (home networks).

    Not sure what went wrong the first time, I'm just glad it's working now.  I have a snapshot of the system before I changed it today, and immediately after.  Thanks for your time and suggestions.


  • Banned

    Sigh. Selecting the three absolutely worst IP ranges is quite a unique achievement in itself. Hope you never ever need any roadwarrior stuff working on any of those.
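
The overlap check suggested earlier in the thread, run over the addressing plan posted above, as an added example that is not part of any poster's message. The function names and the `COMMON_DEFAULTS` list are assumptions made for this sketch; the list is a short, non-exhaustive set of ranges that consumer routers commonly ship with, which is where a remote client's own LAN would clash with a site LAN.

```python
import ipaddress
from itertools import combinations

# Addressing plan as posted in the thread (names are labels chosen for this example).
PLAN = {
    "site1-lan": "192.168.1.0/24",
    "site2-lan": "192.168.0.0/24",
    "ovpn-tunnel": "10.0.0.0/30",
}

# Assumption: common out-of-the-box home router ranges, not an authoritative list.
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]


def parse(plan):
    # strict=True rejects entries with host bits set (e.g. 10.0.0.1/30),
    # which catches a host address typed where a network was meant.
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}


def find_overlaps(plan):
    """Return every pair of named networks in the plan that overlap."""
    nets = parse(plan)
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]


def collides_with_defaults(plan, defaults=COMMON_DEFAULTS):
    """Map each planned network to the common default ranges it overlaps."""
    common = [ipaddress.ip_network(c) for c in defaults]
    hits = {}
    for name, net in parse(plan).items():
        matched = [str(c) for c in common if net.overlaps(c)]
        if matched:
            hits[name] = matched
    return hits


if __name__ == "__main__":
    print("overlapping pairs:", find_overlaps(PLAN) or "none")
    for name, ranges in collides_with_defaults(PLAN).items():
        print(f"{name} sits inside a common default range: {', '.join(ranges)}")
```

On the posted plan the two LANs and the tunnel do not overlap each other, while all three fall inside ranges from the assumed defaults list.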

