
Author Topic: Attempt to setup site2site openvpn shared key  (Read 925 times)


franklovespfs
Attempt to setup site2site openvpn shared key
« on: May 07, 2012, 05:17:20 pm »
OK, here is my idea:

                                                                    OFFICE 1                                                             Office 2
Internet router  10.1.2.0 <--LAN 10.1.2.43> PF 1 <-WAN-STATIC-IP> Internet <-WAN-STATIC-IP-> PF 2 <-----> 10.2.2.0 lan

So I followed http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29

------------------Server------------------
Server Mode  Peer to peer shared key    
Protocol    UDP
Device Mode  TUN   
Interface    ANY
Local port    1194
Description MYVPN

Cryptographic Settings
Shared Key    
# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- blau blau -----END OpenVPN Static key V1-----
Encryption algorithm    RC2 40 CBC (40bit)
Hardware Crypto no   

Tunnel Settings
Tunnel Network    10.0.8.0/24
Local Network    10.1.2.0/24
Remote Network 10.2.2.0/24
Concurrent connections    

Compression    nothing
Type-of-Service    nothing    
Duplicate Connections    nothing    

Advanced configuration
Advanced   nothing

Here is the Status: System logs: OpenVPN (after a fresh reboot)
May 7 22:23:44    openvpn[22231]: UDPv4 link local (bound): [undef]
May 7 22:23:44    openvpn[22231]: UDPv4 link remote: [undef]
May 7 22:23:45    openvpn[22231]: Peer Connection Initiated with [AF_INET STATICOFFICE2IPHERE]:27533
May 7 22:23:46    openvpn[22231]: Initialization Sequence Completed

------------------Server------------------

------------------Client-------------------
Server Mode Peer to peer shared key
Protocol UDP
Device mode TUN
Interface ANY
Local port nothing

Server host or address {(my external staticIP address here)}
Server port 1194
Proxy host or address none
Proxy port none
Proxy authentication extra options none
Server host name resolution nothing

Description MYVPN Client

Cryptographic Settings
Shared Key  (same as above key copy pasted)
Encryption algorithm RC2 40 CBC (40bit)
Hardware Crypto no

Tunnel Network 10.0.8.0/24
Remote Network 10.1.2.0/24
Limit outgoing bandwidth nothing

Compression nothing
Type-of-Service nothing

Advanced configuration
Advanced nothing

Here is the Status: System logs: OpenVPN (after a fresh reboot)
May 7 22:23:52    openvpn[21464]: UDPv4 link local: [undef]
May 7 22:23:52    openvpn[21464]: UDPv4 link remote: [AF_INET]STATICOFFICE1IPHERE:1194
May 7 22:24:03    openvpn[21464]: Peer Connection Initiated with [AF_INET] STATICOFFICE1IPHERE:1194
May 7 22:24:04    openvpn[21464]: Initialization Sequence Completed
------------------Client-------------------

I have made firewall rules that allow everything. It connects.

In office 2 I have a computer and it connects to the internet fine. I open a command prompt in Windows 7 and ping a computer on the other network in office 1:

Pinging 10.1.2.77 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.2.77:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

From office 2 I can ping the OpenVPN server at 10.0.8.1:
C:\Users\Administrator>ping 10.0.8.1

Pinging 10.0.8.1 with 32 bytes of data:
Reply from 10.0.8.1: bytes=32 time<1ms TTL=63
Reply from 10.0.8.1: bytes=32 time<1ms TTL=63
Reply from 10.0.8.1: bytes=32 time<1ms TTL=63
Reply from 10.0.8.1: bytes=32 time<1ms TTL=63

Ping statistics for 10.0.8.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

What do I need to add to get it to allow me to see the other computers, so I could, say, ping or see a web server internally on 10.1.2.77?


« Last Edit: May 07, 2012, 08:07:01 pm by franklovespfs »

franklovespfs
Re: Attempt to setup site2site openvpn shared key
« Reply #1 on: May 07, 2012, 05:52:18 pm »
So now I add a route in the Advanced part of the office 2 client's OpenVPN section:

route 10.1.2.0 255.255.255.0;

And this is what is new in the System logs: OpenVPN

May 7 22:43:45    openvpn[21464]: event_wait : Interrupted system call (code=4)
May 7 22:43:45    openvpn[21464]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1544 10.0.8.2 10.0.8.1 init
May 7 22:43:45    openvpn[21464]: SIGTERM[hard,] received, process exiting
May 7 22:43:45    openvpn[50047]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
May 7 22:43:45    openvpn[50047]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 7 22:43:45    openvpn[50047]: TUN/TAP device /dev/tun1 opened
May 7 22:43:45    openvpn[50047]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 7 22:43:45    openvpn[50047]: /sbin/ifconfig ovpnc1 10.0.8.2 10.0.8.1 mtu 1500 netmask 255.255.255.255 up
May 7 22:43:45    openvpn[50047]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1544 10.0.8.2 10.0.8.1 init
May 7 22:43:45    openvpn[50047]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
May 7 22:43:45    openvpn[51384]: UDPv4 link local: [undef]
May 7 22:43:45    openvpn[51384]: UDPv4 link remote: [AF_INET] OFFICE2IPHERE:1194

And still everything is timing out.
I have internet and can go to Google. I just want to have a simple OpenVPN to allow inter-local communications, file sharing and an internal web host.

Is there some document I need to read up on? I am not able to find any tutorial that does site-to-site shared key and uses version 2. There are many for the older version with completely different options.
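
An audit of the client settings posted above, as an added example that is not part of the original posts and is not pfSense code: it flags the 40-bit cipher, checks the three subnets for overlap, and reports an Advanced-box route that repeats Remote Network. It assumes the Remote Network field already makes pfSense generate a route for that subnet (a likely cause of the "route add command failed" line); `MIN_KEY_BITS` and the function names are hypothetical.

```python
import ipaddress
import re

# Settings transcribed from the client page in the posts; "Advanced" is the
# custom option added in reply #1.
CLIENT = {
    "Encryption algorithm": "RC2 40 CBC (40bit)",
    "Tunnel Network": "10.0.8.0/24",
    "Remote Network": "10.1.2.0/24",
    "Advanced": "route 10.1.2.0 255.255.255.0;",
}
LOCAL_LAN = "10.2.2.0/24"  # office 2 LAN, from the diagram in the first post
MIN_KEY_BITS = 128         # assumed policy floor, not a pfSense setting


def cipher_bits(label):
    """Extract the key size from a label such as 'RC2 40 CBC (40bit)'."""
    m = re.search(r"\((\d+)\s*-?bit\)", label)
    return int(m.group(1)) if m else None


def advanced_routes(text):
    """Parse 'route <net> <mask>' directives from the Advanced box."""
    nets = []
    for stmt in text.split(";"):
        parts = stmt.split()
        if len(parts) >= 3 and parts[0] == "route":
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets


def audit(cfg, local_lan):
    findings = []
    bits = cipher_bits(cfg["Encryption algorithm"])
    if bits is None or bits < MIN_KEY_BITS:
        findings.append(f"weak-cipher: {cfg['Encryption algorithm']}")
    remote = ipaddress.ip_network(cfg["Remote Network"])
    nets = {"local": ipaddress.ip_network(local_lan), "remote": remote,
            "tunnel": ipaddress.ip_network(cfg["Tunnel Network"])}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a}/{b}")
    for net in advanced_routes(cfg["Advanced"]):
        if net == remote:  # same subnet routed twice: second add fails
            findings.append(f"duplicate-route: {net}")
    return findings
```

With a shared static key, the configured cipher is the only protection the tunnel traffic gets, so the cipher finding applies to both endpoints.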

franklovespfs
Re: Attempt to setup site2site openvpn shared key
« Reply #2 on: May 07, 2012, 06:17:55 pm »
From office 2 I can ping the LAN port on the office 1 pfSense LAN card, which has an IP of 10.1.2.43:

C:\Users\Administrator>ping 10.1.2.43

Pinging 10.1.2.43 with 32 bytes of data:
Reply from 10.1.2.43: bytes=32 time<1ms TTL=63
Reply from 10.1.2.43: bytes=32 time<1ms TTL=63
Reply from 10.1.2.43: bytes=32 time<1ms TTL=63
Reply from 10.1.2.43: bytes=32 time<1ms TTL=63

Ping statistics for 10.1.2.43:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Ugh, so I cannot reach anyone on that network.

Note that the network on the LAN is connected to a whole office using a different router. The WAN is on its own separate static-IP net connection, so what I want to know is how to route traffic from office 2 through the OpenVPN to the 10.1.2.0 network. I don't even know where to start or what to read up on.
« Last Edit: May 07, 2012, 08:36:14 pm by franklovespfs »
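
A return-path check for the three pings in this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup shows where each office 1 machine sends its reply to an office 2 address. Assumptions: 10.1.2.77 uses the office's other router as its default gateway, that router sits at the placeholder address 10.1.2.1, and the office 2 PC is the constructed address 10.2.2.50.

```python
import ipaddress

PF1_LAN = "10.1.2.43"      # office 1 pfSense LAN address, from the post
OTHER_ROUTER = "10.1.2.1"  # ASSUMED address of the office's other router
OFFICE2_PC = "10.2.2.50"   # constructed office 2 client address

# Routing tables as (prefix, next hop). PF1 follows the Tunnel/Remote Network
# fields in the post; the HOST_* tables are assumptions about 10.1.2.77.
PF1 = [("10.1.2.0/24", "on-link"), ("10.0.8.0/24", "tunnel"),
       ("10.2.2.0/24", "tunnel"), ("0.0.0.0/0", "wan")]
HOST_AS_DESCRIBED = [("10.1.2.0/24", "on-link"), ("0.0.0.0/0", OTHER_ROUTER)]
HOST_WITH_STATIC = HOST_AS_DESCRIBED + [("10.2.2.0/24", PF1_LAN)]


def next_hop(routes, dst):
    """Longest-prefix match: the next hop a table selects for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_reaches_tunnel(routes, dst=OFFICE2_PC):
    """True if a reply to dst is handed to pfSense 1 or to the tunnel itself."""
    return next_hop(routes, dst) in (PF1_LAN, "tunnel")


def explain():
    return {
        "pfSense 1 (10.1.2.43)": reply_reaches_tunnel(PF1),
        "10.1.2.77 as described": reply_reaches_tunnel(HOST_AS_DESCRIBED),
        "10.1.2.77 with static route": reply_reaches_tunnel(HOST_WITH_STATIC),
    }


if __name__ == "__main__":
    for who, ok in explain().items():
        path = "returns via tunnel" if ok else "leaves via " + OTHER_ROUTER
        print(f"{who}: reply {path}")
```

The same 10.2.2.0/24 route can be placed on the other router instead of on each host, so that the LAN machines need no change.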