Weird Site-to-Site OpenVPN Problem
Hello to everyone,
I'm experiencing a weird problem with a multi-WAN site-to-site OpenVPN.
To make it short, I can access the server LAN (10.0.0.0/24) from the client LAN (10.0.1.0/24) via a tunnel (10.0.8.0/30) without a problem (a bit slow maybe), but not vice versa; it just loads forever.
The weird thing is that from the server LAN I can ping all the devices, and I can also see the default page from an Apache server on the client side, but that's all I can do. No SSH, no dynamic pages, no Samba shares. I cannot access the client-side pfSense GUI either.
My current configuration is multi-WAN on the server side with the VPN.
On the server side the interface is configured as localhost; because of the multi-WAN there is a port forwarding:
EOLO  UDP  *  *  EOLO address  500 (ISAKMP)  127.0.0.1  500 (ISAKMP)  Eolo VPN multiwan
VODAFONE20MB  UDP  *  *  Vodafone address  500 (ISAKMP)  127.0.0.1  500 (ISAKMP)  Vodafone 20MB VPN multiwan
There are also rules about opening port 500 on both routers (and on both multi-WAN connections).
What did I forget to check?
Thank you in advance.
Change your subnet on both pfSense boxes for the IPv4 Tunnel network to /24.
So instead of 10.0.8.0/30 do 10.0.8.0/24.
Also, make sure you have an allow firewall rule for the OpenVPN interface on each pfSense.
Lastly, why are you using DES-CBC 64bit????
To be honest I don't know why it is set with such an algorithm :o . I changed it to a more standard AES. I tried to change the network mask to 24 but nothing changed.
For the firewall rules:
How should they be set? Is an "allow all" rule in both OpenVPN tabs not enough?
Update: it now works, but the connection goes down every hour or so and hangs on ping-reconnect.
Also, I found a crash report when logging into the server: http://pastebin.com/dHKJ9CKz
Any advice about what to check?