Weird Site to Site Openvpn Problem
-
Hello to everyone,
I'm experiencing a weird problem with a multi-WAN site-to-site OpenVPN. To make it short, I can access the server LAN (10.0.0.0/24) from the client LAN (10.0.1.0/24) via a tunnel (10.0.8.0/30) without a problem (a bit slow maybe), but not vice versa; it just loads forever.
The weird thing is that from the server LAN I can ping all the devices, and I can also see the default page from an Apache server on the client side, but that's all I can do. No SSH, no dynamic pages, no Samba shares. I cannot access the client-side pfSense GUI either.
My current configuration is multi-WAN on the server side with the VPN.
This is the server config:
https://www.dropbox.com/s/hr9j9o7cfiy9hmr/FireShot%20Capture%201%20-%20pfsense.localdomain%20-%20OpenVPN_%20Server_%20-%20http___10.0.0.1_vpn_openvpn_server.php.png?dl=0
This is the client config:
https://www.dropbox.com/s/l5sxgbaw1t3p60k/FireShot%20Capture%201%20-%20pfsense-manesseno.drafinsub-manesseno_%20-%20http___10.0.1.1_vpn_openvpn_client.php.png?dl=0
On the server side the interface is configured as localhost because of the multi-WAN; there is a port forwarding:
EOLO UDP * * EOLO address 500 (ISAKMP) 127.0.0.1 500 (ISAKMP) Eolo VPN multiwan
VODAFONE20MB UDP * * Vodafone address 500 (ISAKMP) 127.0.0.1 500 (ISAKMP) Vodafone 20MB VPN multiwan
There are also rules opening port 500 on both routers (and on both multi-WAN connections).
What did I forget to check?
Thank you in advance
-
Change your subnet on both pfSense boxes for the IPv4 Tunnel network to /24.
So instead of 10.0.8.0/30 do 10.0.8.0/24.
Try that.
Also, make sure you have an allow firewall rule for the OpenVPN interface on each pfSense.
Lastly, why are you using DES-CBC 64bit????
Jake
-
To be honest I don't know why it is set with such an algorithm :o. I changed it to a more standard AES. I tried to change the network mask to 24 but nothing changed.
For the firewall rules:
How should they be set? Is an "allow all" rule in both OpenVPN tabs not enough?
Thank you
Update: it now works, but the connection goes down every hour or so and hangs on ping-reconnect.
Also, I found a crash report when logging into the server: http://pastebin.com/dHKJ9CKz
Any advice about what to check?
Thank you