Netgate Discussion Forum
    Weird Site to Site Openvpn Problem

    Category: OpenVPN
    3 Posts 2 Posters 1.1k Views
    lsk

      Hello to everyone,
      I'm experiencing a weird problem with a multi-WAN site-to-site OpenVPN.

      To make it short: I can access the server LAN (10.0.0.0/24) from the client LAN (10.0.1.0/24) via a tunnel (10.0.8.0/30) without a problem (a bit slow, maybe), but not vice versa; it just loads forever.

      The weird thing is that from the server LAN I can ping all the devices, and I can also see the default page of an Apache server on the client side, but that's all I can do. No SSH, no dynamic pages, no Samba shares. I cannot access the client-side pfSense GUI either.

      My current configuration is multi-WAN on the server side with the VPN.

      This is the server config
      https://www.dropbox.com/s/hr9j9o7cfiy9hmr/FireShot%20Capture%201%20-%20pfsense.localdomain%20-%20OpenVPN_%20Server_%20-%20http___10.0.0.1_vpn_openvpn_server.php.png?dl=0

      This is the client config
      https://www.dropbox.com/s/l5sxgbaw1t3p60k/FireShot%20Capture%201%20-%20pfsense-manesseno.drafinsub-manesseno_%20-%20http___10.0.1.1_vpn_openvpn_client.php.png?dl=0

      On the server side the interface is configured as localhost; because of the multi-WAN there is a port forward:

      Interface     Proto  Src addr  Src ports  Dest addr         Dest ports    NAT IP     NAT ports     Description
      EOLO          UDP    *         *          EOLO address      500 (ISAKMP)  127.0.0.1  500 (ISAKMP)  Eolo VPN multiwan
      VODAFONE20MB  UDP    *         *          Vodafone address  500 (ISAKMP)  127.0.0.1  500 (ISAKMP)  Vodafone 20MB VPN multiwan


      There are also rules opening port 500 on both routers (and on both multi-WAN connections).

      What did I forget to check?

      Thank you in advance

    jake

        Change your subnet on both pfSense boxes for the IPv4 Tunnel Network to /24.

        So instead of 10.0.8.0/30 use 10.0.8.0/24.

        Try that.

        Also, make sure you have an allow firewall rule for the OpenVPN interface on each pfSense.

        Lastly, why are you using DES-CBC (64-bit)?

        Jake

    lsk

          To be honest, I don't know why it was set to such an algorithm :o . I changed it to the more standard AES. I tried changing the network mask to /24, but nothing changed.
          For the firewall rules:
          How should they be set? Isn't an "allow all" rule in the OpenVPN tab on both sides enough?

          Thank you

          Update: now it works, but the connection goes down every hour or so and hangs on ping-reconnect.
          I also found a crash report when logging into the server: http://pastebin.com/dHKJ9CKz
          Any advice on what to check?

          Thank you

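As an added example (not code from the thread, from pfSense or from OpenVPN), the script below takes the fields the pfSense OpenVPN server and client pages expose (IPv4 Tunnel Network, IPv4 Local Network, IPv4 Remote Network, Encryption Algorithm) for both peers and checks the two points Jake raised and lsk then changed: a 64-bit block cipher such as DES-CBC, and tunnel or LAN settings that do not agree between the two sides. The two settings pairs are constructed from the addresses given in the thread; the weak-cipher list and the check logic are my assumptions. The script does not judge /30 against /24: either passes as long as both peers use the same tunnel network.

```python
"""Added example: sanity-check a pfSense-style OpenVPN site-to-site pair.

Not code from the thread or from pfSense; the settings keys mirror the
fields on the pfSense OpenVPN pages, and the check logic is an assumption.
"""
import ipaddress

# Ciphers with a 64-bit block size (DES, 3DES, Blowfish, CAST5). These are
# weak for a long-lived tunnel regardless of key length (birthday-bound
# collisions); DES-CBC additionally has only a 56-bit effective key.
SIXTY_FOUR_BIT_BLOCK = {"DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC", "BF-CBC", "CAST5-CBC"}


def _net(cidr):
    """Parse a CIDR string leniently (host bits allowed, as in the GUI)."""
    return ipaddress.ip_network(cidr, strict=False)


def lint_site_to_site(server, client):
    """Return a list of findings for a (server, client) pair of settings dicts.

    Each dict has the keys 'tunnel_network', 'local_network',
    'remote_network' (CIDR strings) and 'cipher'. An empty list means the
    two sides agree and neither uses a 64-bit block cipher.
    """
    findings = []

    # 1. Cipher strength and agreement (Jake's "why DES-CBC 64bit?").
    for side, cfg in (("server", server), ("client", client)):
        if cfg["cipher"].upper() in SIXTY_FOUR_BIT_BLOCK:
            findings.append(f"{side}: cipher {cfg['cipher']} has a 64-bit block; use an AES cipher")
    if server["cipher"].upper() != client["cipher"].upper():
        findings.append("cipher differs between server and client; both sides must agree")

    # 2. Both peers must describe the same tunnel network (/30 or /24, but the same).
    s_tun, c_tun = _net(server["tunnel_network"]), _net(client["tunnel_network"])
    if s_tun != c_tun:
        findings.append(f"tunnel network mismatch: server {s_tun}, client {c_tun}")

    # 3. Each side's 'remote network' must be the other side's 'local network';
    #    otherwise return traffic for that LAN has no route into the tunnel.
    for side, mine, peer in (("server", server, client), ("client", client, server)):
        if _net(mine["remote_network"]) != _net(peer["local_network"]):
            findings.append(
                f"{side}: remote network {mine['remote_network']} does not match "
                f"the peer's local network {peer['local_network']}"
            )

    # 4. The tunnel network must not overlap either LAN, or routes become ambiguous.
    for side, cfg in (("server", server), ("client", client)):
        lan = _net(cfg["local_network"])
        if s_tun.overlaps(lan):
            findings.append(f"tunnel network {s_tun} overlaps the {side} LAN {lan}")

    return findings


# Constructed sample: the thread's addresses with the settings as first described.
AS_POSTED = (
    {"tunnel_network": "10.0.8.0/30", "local_network": "10.0.0.0/24",
     "remote_network": "10.0.1.0/24", "cipher": "DES-CBC"},
    {"tunnel_network": "10.0.8.0/30", "local_network": "10.0.1.0/24",
     "remote_network": "10.0.0.0/24", "cipher": "DES-CBC"},
)

# Constructed sample: the same pair after the changes discussed (/24 tunnel, AES).
AFTER_FIX = (
    {"tunnel_network": "10.0.8.0/24", "local_network": "10.0.0.0/24",
     "remote_network": "10.0.1.0/24", "cipher": "AES-256-CBC"},
    {"tunnel_network": "10.0.8.0/24", "local_network": "10.0.1.0/24",
     "remote_network": "10.0.0.0/24", "cipher": "AES-256-CBC"},
)

if __name__ == "__main__":
    for label, pair in (("as posted", AS_POSTED), ("after fix", AFTER_FIX)):
        print(label + ":")
        for finding in lint_site_to_site(*pair) or ["OK"]:
            print("  " + finding)
```

Run it as-is to see the DES-CBC findings for the original settings and an empty result for the corrected pair; to check your own site, replace the two dicts with the values from each pfSense box. The "allow" rule on the OpenVPN tab that Jake mentions is a firewall setting and is outside what this check can see.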
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.