Netgate Discussion Forum

    OpenVPN networking - cloud to local (site-to-site) vpn with one pfsense box

      ocset

      Hi

      I am trying to set up a site-to-site VPN using only one pfSense box in the cloud and a client machine behind a modem in the office.

      I have the following setup.

      pfsense (latest version on cloud server) <---> Internet <---> modem <---> Ubuntu 14.04 (local).

      I have also configured a second ubuntu machine in the cloud which gets an IP address from the pfsense DHCP server. I can ping between these two cloud servers. (172.16.20.1 <--> 172.16.20.100)

      IP addresses are: (subnet 255.255.255.0 for all internal networks)

      pfsense
      eth0 - 111.111.111.111 (external IP)
      eth1 - 172.16.20.1

      Ubuntu cloud server
      eth0 - 222.222.222.222 (external IP)
      eth1 - 172.16.20.100

      Local Ubuntu server
      eth0 -  192.168.0.100

      Modem
      192.168.0.1
      I have configured a static rule to forward all traffic from the 10.0.8.0/24 network to the local Ubuntu Server (192.168.0.100)

      Tunnel
      10.0.8.0/24

      I can ping the pfsense machine from the client (172.16.20.1) but cannot ping the cloud ubuntu machine (172.16.20.100) from the client.

      I CANNOT ping the client LAN, modem (192.168.0.1) or Ubuntu machine (192.168.0.100) from the pfsense machine. I have enabled IPv4 forwarding on the local Ubuntu machine.

      Server config

      
      dev ovpns1
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local 111.111.111.111
      tls-server
      server  10.0.8.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls '------------.com' 1 "
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      max-clients 10
      push "route 172.16.20.0 255.255.255.0"
      client-to-client
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      persist-remote-ip
      float
      
      

      Client config

      
      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote 111.111.111.111 1194 udp
      lport 0
      verify-x509-name "-----------.com" name
      auth-user-pass
      pkcs12 pfSense-udp-1194-user.p12
      tls-auth pfSense-udp-1194-user-tls.key 1
      ns-cert-type server
      # Log to file instead of syslog
      log-append /var/log/openvpn.log
      verb 4
      
      

      Anyone know where I am going wrong?
      Thanks in advance
      O
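As an added example (not part of the post above and not pfSense's own tooling): a small checker that reads an OpenVPN server config together with its client-config-dir (CCD) files and reports the `route`/`iroute` pairing that a site-to-site setup depends on. For a LAN behind a client to be reachable from the server side, the server config needs a `route` line so the kernel sends that prefix into the tun interface, and the client's CCD file needs a matching `iroute` so OpenVPN knows which client owns it; `push "route ..."` only covers the client-to-server-LAN direction. The sample configs are constructed and modelled on the addresses in the post; the `user` common name and the CCD contents are assumptions.

```python
"""Audit an OpenVPN server config plus CCD files for site-to-site routing gaps.

A client-side LAN is only reachable from the server when both of these exist:
  * `route <net> <mask>`   in the server config (kernel route into the tun), and
  * `iroute <net> <mask>`  in that client's CCD file (OpenVPN's internal table).
Every sample below is constructed for this example.
"""
import ipaddress
from typing import Dict, List, Set

Net = ipaddress.IPv4Network


def parse_directives(text: str) -> List[List[str]]:
    """Split a config into tokenised directives, dropping comments and blanks."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            out.append(line.split())
    return out


def _net(addr: str, mask: str) -> Net:
    # OpenVPN writes dotted masks; ipaddress accepts "addr/mask" directly.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit_site_to_site(server_cfg: str, ccd: Dict[str, str]) -> Dict[str, object]:
    """Return server routes, pushed routes, per-client iroutes and a list of findings."""
    server_routes: Set[Net] = set()
    pushed: Set[Net] = set()
    has_ccd_dir = False
    for d in parse_directives(server_cfg):
        if d[0] == "route" and len(d) >= 3:
            server_routes.add(_net(d[1], d[2]))
        elif d[0] == "push":
            # push "route 172.16.20.0 255.255.255.0"  -> strip the quotes, re-tokenise
            inner = " ".join(d[1:]).strip('"').split()
            if len(inner) >= 3 and inner[0] == "route":
                pushed.add(_net(inner[1], inner[2]))
        elif d[0] == "client-config-dir":
            has_ccd_dir = True

    iroutes: Dict[str, Set[Net]] = {}
    for cn, text in ccd.items():
        for d in parse_directives(text):
            if d[0] == "iroute" and len(d) >= 3:
                iroutes.setdefault(cn, set()).add(_net(d[1], d[2]))
    claimed: Set[Net] = set().union(*iroutes.values()) if iroutes else set()

    findings: List[str] = []
    if iroutes and not has_ccd_dir:
        findings.append("CCD files carry iroute lines but the server config has no "
                        "client-config-dir, so they are never read")
    for cn, nets in iroutes.items():
        for n in sorted(nets - server_routes):
            findings.append(f"iroute {n} for client '{cn}' has no matching "
                            f"'route {n.network_address} {n.netmask}' in the server config; "
                            "the kernel will not send that LAN into the tunnel")
    for n in sorted(server_routes - claimed):
        findings.append(f"route {n} enters the tunnel but no client iroute claims it; "
                        "OpenVPN drops those packets")
    if not claimed:
        findings.append("no client iroute at all: LANs behind clients are unreachable "
                        "from the server side (road-warrior only, not site-to-site)")
    return {"server_routes": server_routes, "pushed_routes": pushed,
            "iroutes": iroutes, "findings": findings}


# Constructed sample: the routing-relevant lines of a server config like the one posted.
SERVER_CFG_AS_POSTED = """
dev ovpns1
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
push "route 172.16.20.0 255.255.255.0"
client-to-client
"""

# Constructed sample with the reverse route added (office LAN 192.168.0.0/24).
SERVER_CFG_WITH_ROUTE = SERVER_CFG_AS_POSTED + "route 192.168.0.0 255.255.255.0\n"

# Constructed CCD directory: file name is the client's common name (assumed: 'user').
CCD_FIXED = {"user": "iroute 192.168.0.0 255.255.255.0\n"}


if __name__ == "__main__":
    for label, cfg, ccd in [("as posted", SERVER_CFG_AS_POSTED, {}),
                            ("route only", SERVER_CFG_WITH_ROUTE, {}),
                            ("route + iroute", SERVER_CFG_WITH_ROUTE, CCD_FIXED)]:
        result = audit_site_to_site(cfg, ccd)
        print(f"[{label}] findings: {len(result['findings'])}")
        for f in result["findings"]:
            print("  -", f)
```

Run it as a script to see the three cases side by side; with both the `route` and the `iroute` present the checker reports nothing, while either half on its own produces a finding. The checker deliberately ignores `push "route"`, since a pushed route only tells the client how to reach the server-side LAN and says nothing about the return path.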

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.