OpenVPN networking - cloud to local (site-to-site) vpn with one pfsense box



  • Hi

    I am trying to set up a site-to-site VPN using only one pfSense box in the cloud and a client machine behind a modem in the office.

    I have the following setup.

    pfSense (latest version, on the cloud server) <---> Internet <---> modem <---> Ubuntu 14.04 (local).

    I have also configured a second Ubuntu machine in the cloud, which gets its IP address from the pfSense DHCP server. I can ping between these two cloud servers (172.16.20.1 <--> 172.16.20.100).

    IP addresses are: (subnet 255.255.255.0 for all internal networks)

    pfsense
    eth0 - 111.111.111.111 (external IP)
    eth1 - 172.16.20.1

    Ubuntu cloud server
    eth0 - 222.222.222.222 (external IP)
    eth1 - 172.16.20.100

    Local Ubuntu server
    eth0 -  192.168.0.100

    Modem
    192.168.0.1
    I have configured a static rule on the modem that forwards all traffic destined for the 10.0.8.0/24 network to the local Ubuntu server (192.168.0.100).

    Tunnel
    10.0.8.0/24

    I can ping the pfSense machine (172.16.20.1) from the client, but I cannot ping the cloud Ubuntu machine (172.16.20.100) from the client.

    I CANNOT ping the client LAN, the modem (192.168.0.1) or the Ubuntu machine (192.168.0.100) from the pfSense machine. I have enabled IPv4 forwarding on the local Ubuntu machine.

    Server config

    
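    # pfSense-generated OpenVPN server instance "server1". The first line was
    # truncated in the paste ("ev ovpns1"); the directive is "dev ovpns1".
    dev ovpns1
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    # Privilege drop is disabled: the daemon keeps root after initialisation.
    #user nobody
    #group nobody
    # Level 3 is what the "via-env" hand-off in auth-user-pass-verify below
    # requires; it also means called scripts see the user's password in their
    # environment.
    script-security 3
    daemon
    # Ping the peer every 10 s; treat it as down after 60 s without traffic.
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    # Data-channel cipher and HMAC; both must match the client config. "auth
    # SHA1" is HMAC-SHA1 (not a signature); moving to an AES-GCM cipher and
    # SHA256 is the modern choice but has to be changed on both ends at once.
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 111.111.111.111
    tls-server
    # Tunnel subnet; matches the "Tunnel 10.0.8.0/24" noted in the post.
    server  10.0.8.0 255.255.255.0
    # Per-client override directory (pfSense "Client Specific Overrides").
    # NOTE(review): for a site-to-site link the office client's override file
    # needs "iroute 192.168.0.0 255.255.255.0" and this server config needs a
    # matching "route 192.168.0.0 255.255.255.0"; neither is shown in the post,
    # so there is no visible path from the cloud side back to 192.168.0.0/24
    # -- confirm in pfSense ("Remote Networks" / override settings).
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls '------------.com' 1 "
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    # Connecting clients learn the cloud LAN (172.16.20.0/24) via the tunnel.
    # NOTE(review): hosts on 172.16.20.0/24 (e.g. 172.16.20.100) also need a
    # return route for 10.0.8.0/24 via 172.16.20.1, or pfSense as their default
    # gateway; the post does not show that host's routing table -- confirm.
    push "route 172.16.20.0 255.255.255.0"
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    # Control-channel HMAC (drops unauthenticated packets before the TLS
    # handshake); key direction 0 here pairs with direction 1 on the client.
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    persist-remote-ip
    # Accept packets from a peer whose source address/port changes (e.g. a
    # NAT rebinding on the office modem).
    float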
    
    

    Client config

    
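    # Client side (pfSense client-export format). The first line was truncated
    # in the paste ("v tun"); the directive is "dev tun".
    dev tun
    persist-tun
    persist-key
    # Must match the server's cipher/auth settings.
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    # Keep retrying name resolution of "remote" indefinitely (a no-op for a
    # literal IP, but harmless).
    resolv-retry infinite
    remote 111.111.111.111 1194 udp
    # 0 lets OpenVPN pick the local source port (pfSense export default).
    lport 0
    # Require the server certificate's Common Name to match this name exactly.
    verify-x509-name "-----------.com" name
    # Prompts for username/password at start-up unless a credentials file is
    # given as an argument; an unattended site-to-site link will need the
    # file form (keep it root-owned, mode 0600).
    auth-user-pass
    # PKCS#12 bundle holding the CA, the client certificate and its private key.
    pkcs12 pfSense-udp-1194-user.p12
    # Key direction 1 pairs with the server's "tls-auth ... 0".
    tls-auth pfSense-udp-1194-user-tls.key 1
    # Deprecated Netscape-extension check; "remote-cert-tls server" is the
    # current equivalent, provided the server certificate carries the TLS Web
    # Server (serverAuth) extended key usage.
    ns-cert-type server
    # Log to file instead of syslog
    log-append /var/log/openvpn.log
    verb 4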
    
    

    Does anyone know where I am going wrong?
    Thanks in advance
    O

