Site-to-Site Tunnel: Moved Office, now can't connect

  • Hi… we moved our pfSense OpenVPN server appliance to a new office.  We had a site to site tunnel up and running smoothly between our pfSense box, and a Linux server (CenTOS) at our co-lo.  The only thing that has changed is the WAN IP address of our pfsense box.... becuase we're in a new location with a different ISP.

    Our pfSense box works fine for our firewall;  but the OpenVPN still isn't working.  I keep thinking that somewhere within the OpenVPN configuration that there would be a reference to the WAN ip address as well as the IP address for the co-lo server.  Looking at client.conf at the co-lo,  just shows the ifconfig as the internal tunnel address. and

    [root@havok openvpn]# cat client.conf
    proto udp
    dev tun
    secret /etc/openvpn/secret.key
    cipher AES-128-CBC
    port 1195
    user nobody
    group nobody
    keepalive 10 60
    verb 4
    [root@havok openvpn]#

    The iptables rules on the colo server have a single entry for openvpn

    ACCEPT udp – anywhere      anywhere  udb dpt:openvpn

    the iptables rules on the pfSense box show the "WAN Address"  as the destination,  but should there be an entry in the rules  to refer to the colo address, somewhere, perhaps as a "push"?


  • Has "" been changed to reflect the new WAN address of your pfSense box?

    From here, that resolves to:
    It that your correct WAN address?
    Does the client also resolve that FQDN correctly?

  • Hi, divsys….thanks so much!  Actually I had figured this out about five minutes before you posted.  :-) but that is indeed what the problem was.  I put in the direct IP assigned by our internet provider.

    Thanks again!

    --- Larry

  • Glad you worked it out.

    Perhaps you could update the title of your first post with "[Solved]".

Log in to reply