OpenVPN networking - cloud to local (site-to-site) vpn with one pfsense box
Hi
I am trying to setup a site-to-site vpn using only one pfsense box in the cloud and a client machine behind a modem in the office.
I have the following setup.
pfsense (latest version on cloud server) <---> Internet <---> modem <---> Ubuntu 14.04 (local).
I have also configured a second ubuntu machine in the cloud which gets an IP address from the pfsense DHCP server. I can ping between these two cloud servers. (172.16.20.1 <--> 172.16.20.100)
IP addresses are: (subnet 255.255.255.0 for all internal networks)
pfsense
eth0 - 111.111.111.111 (external IP)
eth1 - 172.16.20.1
Ubuntu cloud server
eth0 - 222.222.222.222 (external IP)
eth1 - 172.16.20.100
Local Ubuntu server
eth0 - 192.168.0.100
Modem
192.168.0.1
Tunnel
10.0.8.0/24
I have configured a static rule to forward all traffic from the 10.0.8.0/24 network to the local Ubuntu Server (192.168.0.100).
I can ping the pfsense machine from the client (172.16.20.1) but cannot ping the cloud ubuntu machine (172.16.20.100) from the client.
I CANNOT ping the client LAN, modem (192.168.0.1) or Ubuntu machine (192.168.0.100) from the pfsense machine. I have enabled IPv4 forwarding on the local Ubuntu machine.
Server config
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 111.111.111.111
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls '------------.com' 1 "
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 172.16.20.0 255.255.255.0"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float
Client config
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 111.111.111.111 1194 udp
lport 0
verify-x509-name "-----------.com" name
auth-user-pass
pkcs12 pfSense-udp-1194-user.p12
tls-auth pfSense-udp-1194-user-tls.key 1
ns-cert-type server
# Log to file instead of syslog
log-append /var/log/openvpn.log
verb 4
Anyone know where I am going wrong?
Thanks in advance
O
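Added example, not part of the post above and not pfSense's own tooling: a small Python check that parses an OpenVPN server config together with a client-config-dir (ccd) file and reports which of the directives a LAN-behind-client site-to-site link relies on are absent: a `route` for the remote LAN on the server, an `iroute` for that LAN in the client's ccd file, and a pushed `route` for the server-side LAN. The server config below is a trimmed, constructed copy of the one quoted in the post; the ccd file contents and the remote LAN value 192.168.0.0/24 are assumptions taken from the topology described. It only inspects OpenVPN directives; it says nothing about the OS routing tables of the cloud Ubuntu server or the office hosts, or about pfSense firewall rules, which a working site-to-site link also depends on.

```python
"""Check an OpenVPN server config plus a ccd file for the directives a
LAN-behind-client site-to-site setup needs (route, iroute, push route)."""
import ipaddress
import shlex

# Constructed sample: routing-relevant subset of the server config in the post.
SERVER_CONF = """
dev ovpns1
dev-type tun
proto udp
local 111.111.111.111
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
push "route 172.16.20.0 255.255.255.0"
client-to-client
"""

# Assumptions: the post shows no ccd file, so model an empty one and one
# that claims the office LAN for this client via iroute.
CCD_EMPTY = ""
CCD_WITH_IROUTE = "iroute 192.168.0.0 255.255.255.0\n"


def parse_openvpn(text):
    """Return (directive, args) tuples; honours quoting and '#' / ';' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            entries.append((parts[0], parts[1:]))
    return entries


def _networks(entries, name):
    """Collect 'NAME network netmask' directives as ip_network objects."""
    nets = []
    for directive, args in entries:
        if directive == name and len(args) >= 2:
            nets.append(ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False))
    return nets


def pushed_routes(entries):
    """Networks the server hands to clients via push "route NET MASK"."""
    nets = []
    for directive, args in entries:
        if directive == "push" and args:
            inner = shlex.split(args[0])
            if len(inner) >= 3 and inner[0] == "route":
                nets.append(ipaddress.ip_network(f"{inner[1]}/{inner[2]}", strict=False))
    return nets


def site_to_site_gaps(server_text, ccd_text, remote_lan, server_lan):
    """List the missing directives for routing REMOTE_LAN (behind the client)
    and SERVER_LAN (behind the server) over the tunnel."""
    remote = ipaddress.ip_network(remote_lan)
    local = ipaddress.ip_network(server_lan)
    srv = parse_openvpn(server_text)
    ccd = parse_openvpn(ccd_text)
    gaps = []
    if not _networks(srv, "server"):
        gaps.append("no 'server' directive: tunnel network is undefined")
    if remote not in _networks(srv, "route"):
        gaps.append(f"server lacks 'route {remote.network_address} {remote.netmask}' "
                    "(kernel route for the remote LAN into the tunnel)")
    if not any(d == "client-config-dir" for d, _ in srv):
        gaps.append("server lacks 'client-config-dir', so no iroute can be applied")
    if remote not in _networks(ccd, "iroute"):
        gaps.append(f"ccd file lacks 'iroute {remote.network_address} {remote.netmask}' "
                    "(tells OpenVPN which client owns that LAN)")
    if local not in pushed_routes(srv):
        gaps.append(f"server does not push 'route {local.network_address} {local.netmask}'")
    return gaps


if __name__ == "__main__":
    for gap in site_to_site_gaps(SERVER_CONF, CCD_EMPTY, "192.168.0.0/24", "172.16.20.0/24"):
        print("missing:", gap)
```

Run as-is it reports the two gaps for the config quoted in the post (no `route` for 192.168.0.0/24 on the server and no `iroute` in a ccd file); adding both makes the report empty, which is the OpenVPN-side precondition before looking at host routing tables and firewall rules.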