1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Weird Site to Site Openvpn Problem

Weird Site to Site Openvpn Problem

  • L

    Hello to everyone,
    I'm experiencing a weird problem wit a multi-wan site-to-site OpenVpn.

    To make it short I can access from the client lan (10.0.1.0/24) to the server lan (10.0.0.0/24) via a tunnel (10.0.8.0/30) without a problem (a bit slow maybe), but not vice-versa, it just load forever.

    The weird thing is that from server lan I can ping all the devices, and I can also see the default page from an Apache server on the client side, but that's all I can do. No ssh, no dynamic pages, no samba shares. I cannot access neither the client side Pfsense gui.

    my current configuration is multi wan on the server side with the vpn

    This is the server config
    https://www.dropbox.com/s/hr9j9o7cfiy9hmr/FireShot%20Capture%201%20-%20pfsense.localdomain%20-%20OpenVPN_%20Server_%20-%20http___10.0.0.1_vpn_openvpn_server.php.png?dl=0

    This is the client config
    https://www.dropbox.com/s/l5sxgbaw1t3p60k/FireShot%20Capture%201%20-%20pfsense-manesseno.drafinsub-manesseno_%20-%20http___10.0.1.1_vpn_openvpn_client.php.png?dl=0

    On the server side the interface is configured as localhost because of the multiwan there is a port forwarding

    EOLO	UDP	*	*	EOLO address	500 (ISAKMP)	127.0.0.1	500 (ISAKMP)	Eolo VPN multiwan 	
VODAFONE20MB	UDP	*	*	Vodafone address	500 (ISAKMP)	127.0.0.1	500 (ISAKMP)	Vodafone 20MB VPN multiwan

    there are also rules about opening the port 500 on both routers (and on both multiwan connections)

    What I forgot to check?

    Thank you in advance

    0
  • J

    Change your subnet on both PfSense boxes for the IPv4 Tunnel network to /24

    So instead of 10.0.8.0/30 do 10.0.8.0/24

    Try that.

    Also, make sure you have an allow firewall rule for the OpenVPN interface on each PfSense.

    Lastly, why are you using DES-CBC 64bit????

    Jake

    0
  • L

    To be honest I don't know why is set with such an algorithm  :o . I changed it to a more standard AES. I tried to change the network mask to 24 but nothin changed.
    For the firewall rules:
    How should be set? is not enough a "allow all" rule in both the openvpn tab?

    Thank you

    Update: now works, but the connection goes down every one hour or so and hangs on ping-reconnect.
    also I found a crash report logging into the server: http://pastebin.com/dHKJ9CKz
    Any advice about what to check?

    Thank you

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy