Site-to-Site Tunnel: Moved Office, now can't connect
Hi… we moved our pfSense OpenVPN server appliance to a new office. We had a site to site tunnel up and running smoothly between our pfSense box, and a Linux server (CenTOS) at our co-lo. The only thing that has changed is the WAN IP address of our pfsense box.... becuase we're in a new location with a different ISP.
Our pfSense box works fine for our firewall; but the OpenVPN still isn't working. I keep thinking that somewhere within the OpenVPN configuration that there would be a reference to the WAN ip address as well as the IP address for the co-lo server. Looking at client.conf at the co-lo, just shows the ifconfig as the internal tunnel address. 172.31.55.1 and 172.31.55.2
[root@havok openvpn]# cat client.conf
ifconfig 172.31.55.2 172.31.55.1
route 192.168.219.0 255.255.255.0 172.31.55.1
keepalive 10 60
The iptables rules on the colo server have a single entry for openvpn
ACCEPT udp – anywhere anywhere udb dpt:openvpn
the iptables rules on the pfSense box show the "WAN Address" as the destination, but should there be an entry in the rules to refer to the colo address, somewhere, perhaps as a "push"?
Has "vpn.nationalgardening.com" been changed to reflect the new WAN address of your pfSense box?
From here, that resolves to: 126.96.36.199.
It that your correct WAN address?
Does the client also resolve that FQDN correctly?
Hi, divsys….thanks so much! Actually I had figured this out about five minutes before you posted. :-) but that is indeed what the problem was. I put in the direct IP assigned by our internet provider.
Glad you worked it out.
Perhaps you could update the title of your first post with "[Solved]".