Netgate Discussion Forum

    Site-to-Site Tunnel: Moved Office, now can't connect

    • larryk

      Hi… we moved our pfSense OpenVPN server appliance to a new office. We had a site-to-site tunnel up and running smoothly between our pfSense box and a Linux server (CentOS) at our co-lo. The only thing that has changed is the WAN IP address of our pfSense box... because we're in a new location with a different ISP.

      Our pfSense box works fine for our firewall, but the OpenVPN still isn't working. I keep thinking that somewhere within the OpenVPN configuration there would be a reference to the WAN IP address as well as the IP address for the co-lo server. Looking at client.conf at the co-lo just shows the ifconfig as the internal tunnel address: 172.31.55.1 and 172.31.55.2

      [root@havok openvpn]# cat client.conf
      proto udp
      dev tun
      remote vpn.nationalgardening.com
      ifconfig 172.31.55.2 172.31.55.1
      route 192.168.219.0 255.255.255.0 172.31.55.1
      secret /etc/openvpn/secret.key
      cipher AES-128-CBC
      port 1195
      user nobody
      group nobody
      daemon
      comp-lzo
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      verb 4
      [root@havok openvpn]#

      The iptables rules on the colo server have a single entry for openvpn

      ACCEPT udp -- anywhere      anywhere  udp dpt:openvpn

      The iptables rules on the pfSense box show the "WAN Address" as the destination, but should there be an entry in the rules to refer to the colo address somewhere, perhaps as a "push"?

      TIA.

      • divsys

        Has "vpn.nationalgardening.com" been changed to reflect the new WAN address of your pfSense box?

        From here, that resolves to: 24.218.164.228.
        Is that your correct WAN address?
        Does the client also resolve that FQDN correctly?

        -jfp
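
Added example, not part of the thread: a Python check for the condition divsys asks about, that the `remote` name in an OpenVPN client config resolves to the server's current WAN address. The function names `parse_remotes`, `resolve` and `check_remotes` are hypothetical; the expected WAN address is supplied by the caller.

```python
import ipaddress
import socket
from itertools import takewhile

# The lines of the client.conf posted above that decide where the client connects.
SAMPLE_CONF = """\
proto udp
remote vpn.nationalgardening.com
ifconfig 172.31.55.2 172.31.55.1
port 1195
"""

def parse_remotes(conf_text):
    """Return [(host, port, proto)] for every `remote` line of an OpenVPN config."""
    port, proto, remotes = "1194", "udp", []  # 1194/udp are OpenVPN's defaults
    for raw in conf_text.splitlines():
        # A token starting with '#' or ';' begins a comment.
        tokens = list(takewhile(lambda t: t[0] not in "#;", raw.split()))
        if len(tokens) < 2:
            continue
        if tokens[0] in ("port", "rport"):
            port = tokens[1]
        elif tokens[0] == "proto":
            proto = tokens[1]
        elif tokens[0] == "remote":
            remotes.append(tokens[1:4])
    # Global port/proto may follow the remote line, so defaults are applied last.
    return [(r[0], int(r[1] if len(r) > 1 else port), r[2] if len(r) > 2 else proto)
            for r in remotes]

def resolve(host):
    """Default resolver: every address the local resolver returns for host."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def check_remotes(conf_text, expected_ip, resolver=resolve):
    """Return findings; an empty list means every remote resolves to expected_ip."""
    expected = str(ipaddress.ip_address(expected_ip))
    findings = []
    for host, port, proto in parse_remotes(conf_text):
        addrs = resolver(host)
        if not addrs:
            findings.append(f"{host}: does not resolve")
        elif expected not in addrs:
            findings.append(f"{host}:{port}/{proto} -> {sorted(addrs)}, expected {expected}")
    return findings
```

Run `check_remotes` on the client host itself, since its resolver cache may differ from what an outside lookup returns.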

        • larryk

          Hi, divsys….thanks so much!  Actually I had figured this out about five minutes before you posted.  :-) but that is indeed what the problem was.  I put in the direct IP assigned by our internet provider.

          Thanks again!

          --- Larry

          • divsys

            Glad you worked it out.

            Perhaps you could update the title of your first post with "[Solved]".

            -jfp
