Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Weird Site to Site Openvpn Problem

    OpenVPN
    2
    3
    690
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lsk last edited by

      Hello to everyone,
      I'm experiencing a weird problem wit a multi-wan site-to-site OpenVpn.

      To make it short I can access from the client lan (10.0.1.0/24) to the server lan (10.0.0.0/24) via a tunnel (10.0.8.0/30) without a problem (a bit slow maybe), but not vice-versa, it just load forever.

      The weird thing is that from server lan I can ping all the devices, and I can also see the default page from an Apache server on the client side, but that's all I can do. No ssh, no dynamic pages, no samba shares. I cannot access neither the client side Pfsense gui.

      my current configuration is multi wan on the server side with the vpn

      This is the server config
      https://www.dropbox.com/s/hr9j9o7cfiy9hmr/FireShot%20Capture%201%20-%20pfsense.localdomain%20-%20OpenVPN_%20Server_%20-%20http___10.0.0.1_vpn_openvpn_server.php.png?dl=0

      This is the client config
      https://www.dropbox.com/s/l5sxgbaw1t3p60k/FireShot%20Capture%201%20-%20pfsense-manesseno.drafinsub-manesseno_%20-%20http___10.0.1.1_vpn_openvpn_client.php.png?dl=0

      On the server side the interface is configured as localhost because of the multiwan there is a port forwarding

      EOLO	UDP	*	*	EOLO address	500 (ISAKMP)	127.0.0.1	500 (ISAKMP)	Eolo VPN multiwan 	
VODAFONE20MB	UDP	*	*	Vodafone address	500 (ISAKMP)	127.0.0.1	500 (ISAKMP)	Vodafone 20MB VPN multiwan

      there are also rules about opening the port 500 on both routers (and on both multiwan connections)

      What I forgot to check?

      Thank you in advance

      1 Reply Last reply Reply Quote 0
      • J
        jake last edited by

        Change your subnet on both PfSense boxes for the IPv4 Tunnel network to /24

        So instead of 10.0.8.0/30 do 10.0.8.0/24

        Try that.

        Also, make sure you have an allow firewall rule for the OpenVPN interface on each PfSense.

        Lastly, why are you using DES-CBC 64bit????

        Jake

        1 Reply Last reply Reply Quote 0
        • L
          lsk last edited by

          To be honest I don't know why is set with such an algorithm  :o . I changed it to a more standard AES. I tried to change the network mask to 24 but nothin changed.
          For the firewall rules:
          How should be set? is not enough a "allow all" rule in both the openvpn tab?

          Thank you

          Update: now works, but the connection goes down every one hour or so and hangs on ping-reconnect.
          also I found a crash report logging into the server: http://pastebin.com/dHKJ9CKz
          Any advice about what to check?

          Thank you

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy