Author Topic: Site 2 Site problem  (Read 1130 times)

ambly
Site 2 Site problem
« on: April 05, 2012, 04:22:51 am »
Hi,
Need help badly...

Trying to get a connection between two sites

Site1 10.12.10.0/24
<->
Pfsense01 WAN IP 192.168.1.64
<->
VDSL Dynamic IP
<->
Internet
<->
VDSL Dynamic IP
<->
Pfsense02 WAN IP 192.168.1.64
<->
Site2 10.12.20.0/24

I have followed every guide that I could find but I can't get a connection.

But the VPN is still down!

We have upgraded the VDSL at site1. Before that we got a static IP and IPsec between the sites.

Please help me!

cmb (Chris Buechler)
Re: Site 2 Site problem
« Reply #1 on: April 05, 2012, 04:56:33 am »
What exactly do you have set up? What does the OpenVPN status show? What do the OpenVPN logs show?

ambly
Re: Site 2 Site problem
« Reply #2 on: April 05, 2012, 05:25:27 am »
I have followed this guide
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

Now I see that the client status is reconnecting; ping-restart


Log from server

Apr 5 12:19:24 openvpn[29120]: UDPv4 link remote: [undef]
Apr 5 12:19:24 openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
Apr 5 12:19:24 openvpn[20057]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1592 10.0.8.1 10.0.8.2 init
Apr 5 12:19:24 openvpn[20057]: /sbin/ifconfig ovpns1 10.0.8.1 netmask 10.0.8.2 mtu 1500 up
Apr 5 12:19:24 openvpn[20057]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 5 12:19:24 openvpn[20057]: TUN/TAP device /dev/tap1 opened
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.12.20.0
Apr 5 12:19:24 openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Apr 5 12:19:24 openvpn[20057]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Apr 5 12:19:24 openvpn[20057]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 12:19:24 openvpn[20057]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011


Log from Client

Apr 5 12:21:18 openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195
Apr 5 12:21:18 openvpn[10359]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195
Apr 5 12:21:18 openvpn[10359]: Preserving previous TUN/TAP instance: ovpnc1
Apr 5 12:21:18 openvpn[10359]: Re-using pre-shared static key
Apr 5 12:21:18 openvpn[10359]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 12:21:16 openvpn[10359]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 5 12:21:16 openvpn[10359]: Inactivity timeout (--ping-restart), restarting

cmb
Re: Site 2 Site problem
« Reply #3 on: April 05, 2012, 05:38:11 am »
Given both your firewalls have a private WAN IP, I suspect on the server side the modem isn't passing the traffic through to the actual WAN IP. Can verify with packet capture and/or states.

ambly
Re: Site 2 Site problem
« Reply #4 on: April 05, 2012, 05:42:23 am »
Networking is not my main area...

How could I check how the traffic is passing?

chpalmer
Re: Site 2 Site problem
« Reply #5 on: April 05, 2012, 12:31:40 pm »
ambly-

Have you set up your server side DSL modem to port forward the VPN traffic?
P.S. statements made by me are not necessarily condoned by the management of this fine organization.

ambly
Re: Site 2 Site problem
« Reply #6 on: April 05, 2012, 02:18:31 pm »
I found a way to set one of the DSL modems in bridged mode and now it works!
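
Added example (not part of any post in this thread, and not pfSense or OpenVPN code): a small log triage that picks out, from the lines posted in Reply #2, the conditions behind the diagnosis in Reply #3. The function name `triage` and the finding codes are made up for illustration; the log lines are copied from the thread with timestamps dropped.

```python
import ipaddress
import re

# Lines taken from the logs posted in Reply #2 (timestamps dropped).
SERVER_LOG = [
    "openvpn[20057]: WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)",
    "openvpn[20057]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options",
    "openvpn[20057]: /sbin/ifconfig ovpns1 10.0.8.1 netmask 10.0.8.2 mtu 1500 up",
    "openvpn[29120]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195",
]
CLIENT_LOG = [
    "openvpn[10359]: Inactivity timeout (--ping-restart), restarting",
    "openvpn[10359]: UDPv4 link local (bound): [AF_INET]192.168.1.64:1195",
    "openvpn[10359]: UDPv4 link remote: [AF_INET]85.228.110.124:1195",
]

BOUND = re.compile(r"link local \(bound\): \[AF_INET\]([\d.]+):(\d+)")

# (finding code, substring that identifies the log message, what it means)
PATTERNS = [
    ("no-peer-traffic", "Inactivity timeout (--ping-restart)",
     "nothing received from the peer within the ping-restart interval"),
    ("tap-ifconfig-netmask", "second argument to --ifconfig must be a netmask",
     "tap device configured with a peer address where a netmask belongs"),
    ("route-no-gateway", "needs a gateway parameter for a --route",
     "a --route entry could not be installed because no gateway was specified"),
]

def triage(lines):
    """Return de-duplicated (code, detail) findings in order of first appearance."""
    findings = []
    def add(code, detail):
        if all(code != c for c, _ in findings):
            findings.append((code, detail))
    for line in lines:
        for code, needle, detail in PATTERNS:
            if needle in line:
                add(code, detail)
        m = BOUND.search(line)
        # A private bind address means a device upstream is doing NAT.
        if m and ipaddress.ip_address(m.group(1)).is_private:
            add("private-wan", f"bound to private address {m.group(1)}; the upstream "
                f"modem must forward UDP {m.group(2)} or be bridged")
    return findings

if __name__ == "__main__":
    for name, log in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        for code, detail in triage(log):
            print(f"{name}: {code}: {detail}")
```

A `no-peer-traffic` finding on the client together with `private-wan` on the server is the combination that points at the server-side modem rather than at the OpenVPN configuration itself.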