Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
NasKar
- OpenVpn Newbie
- Posts: 14
- Joined: Tue Nov 01, 2016 10:54 pm
Post
by NasKar » Sat May 30, 2020 1:37 pm
I have a pfsense server setup that works dialing in from my iPhone and also on my remote computer (subnet 192.168.1.0/24) to my main subnet (192.168.5.0/24). If I ping from the main subnet to the remote computer or remote router, I get "request timed out". Here is the redacted openvpn.conf on my remote machine.
Code:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote mydomain.ddns.net 1195 udp4
lport 0
verify-x509-name "my_cert" name
remote-cert-tls server
comp-lzo adaptive
What am I missing to get a bidirectional site-to-site VPN?
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Post
by Pippin » Sat May 30, 2020 1:46 pm
This question is better asked on Netgate forums:
https://forum.netgate.com
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Sat May 30, 2020 2:10 pm
-
NasKar
- OpenVpn Newbie
- Posts: 14
- Joined: Tue Nov 01, 2016 10:54 pm
Post
by NasKar » Sun May 31, 2020 12:17 am
TinCanTech,
Thanks for the links. I've read it several times but am still having issues. Hopefully I can figure out what the conf files should look like with some help.
My ovpn.conf
Code:
dev ovpns4
verb 4
dev-type tun
dev-node /dev/tun4
writepid /var/run/openvpn_server4.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 173.64.98.42
tls-server
server 172.16.2.0 255.255.255.252
client-config-dir /var/etc/openvpn-csc/server4
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'plex2_cert' 1"
lport 1195
management /var/etc/openvpn/server4.sock unix
max-clients 10
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server4.ca
cert /var/etc/openvpn/server4.cert
key /var/etc/openvpn/server4.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server4.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float
I believe this is the pfsense version of your ccd file. /var/etc/openvpn-csc/server4: cat Plex2Master
Code:
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
ifconfig-push 172.16.2.240 255.255.255.255
From the dd-wrt router openvpn.conf
Code:
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-256-cbc
auth sha256
remote mydomain.ddns.net 1195
comp-lzo adaptive
tun-mtu 1500
mtu-disc yes
fast-io
tls-auth /tmp/openvpncl/ta.key 1
verify-x509-name "plex2_cert" name;
ncp-ciphers AES-256-GCM:AES-128-GCM;
route 192.168.1.0 255.255.255.0;
resolv-retry infinite;