Topic: ovpn site to site (server waiting, client up) (Read 3070 times)
atzouris (Newbie, Posts: 6, Karma: 0)
on: January 18, 2021, 07:05:06 pm
I've just deployed OPNsense 20.7 on two APUC2 appliances at two different sites with public IPs and I'm struggling to get the ovpn site-to-site server side to come up. The client is up but the server is stuck in 'waiting' connection status.
I've got a couple of questions:
#1 Followed the documentation in detail on the docs.opnsense.org site for Setup SSL VPN site to site tunnel. On the client side ... Where is the configuration for the Server Certificate SSLVPN Server Certificate (CA: SSL VPN CA)? I cannot find where to set this configuration item.
#2 How can I resolve the issue with the status on the server and client sides that in the logs shows as
server
--snip
openvpn[21380] MANAGEMENT: Client disconnected
openvpn[21380] MANAGEMENT: CMD 'quit'
openvpn[21380] MANAGEMENT: CMD 'status 2'
--snip
client
--snip
openvpn[18974] MANAGEMENT: Client disconnected
openvpn[18974] MANAGEMENT: CMD 'status 2'
openvpn[18974] MANAGEMENT: CMD 'state all'
--snip
p.s.
1. I have the road warrior vpn working in both directions
2. Just migrated the two appliances from pfsense to opnsense
atzouris (Newbie, Posts: 6, Karma: 0)
Reply #1 on: January 19, 2021, 05:49:23 pm
I'm using version 20.7 on both OPNsense appliances.
Gauss23 (Hero Member, Posts: 766, Karma: 39)
Reply #2 on: January 19, 2021, 05:58:29 pm
Those management log messages are issued when you click on "Connection status" in the WebGui. So you can ignore them.
If you want to know why your client is not connecting, you should raise the log level in client and server and have a look at the logs then.
Did you open the port with the correct protocol on the WAN interface on the server side?
„The S in IoT stands for Security!“
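The point made in the reply above, as an added example that is not part of the original thread: a small log triage that sets aside the MANAGEMENT lines produced by status polling and keeps the lines that describe the tunnel itself. The line format follows the snippets quoted in the first post; the non-MANAGEMENT sample lines are constructed, and the category names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: MANAGEMENT lines are from the thread, the rest use OpenVPN message texts.
SAMPLE_LOG = """\
openvpn[21380] MANAGEMENT: Client disconnected
openvpn[21380] MANAGEMENT: CMD 'quit'
openvpn[21380] MANAGEMENT: CMD 'status 2'
openvpn[21380] TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
openvpn[21380] TLS Error: TLS handshake failed
openvpn[18974] MANAGEMENT: CMD 'state all'
openvpn[18974] Initialization Sequence Completed
"""

# Tolerates a syslog prefix (timestamp, host) in front of "openvpn[pid]".
LINE_RE = re.compile(r"openvpn\[(?P<pid>\d+)\]:?\s+(?P<msg>.+)$")

# First matching rule wins; anything unmatched is reported as "other".
RULES = [
    ("gui_poll", re.compile(r"^MANAGEMENT: ")),
    ("tls_failure", re.compile(r"^TLS Error: ")),
    ("tunnel_up", re.compile(r"^(Peer Connection Initiated|Initialization Sequence Completed)")),
]

def classify(line):
    """Return (pid, category, message), or None for a non-OpenVPN line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    pid, msg = int(m.group("pid")), m.group("msg").strip()
    for name, pattern in RULES:
        if pattern.search(msg):
            return pid, name, msg
    return pid, "other", msg

def triage(log_text):
    """Count categories per process and keep only the lines worth reading."""
    counts, relevant = {}, []
    for pid, category, msg in filter(None, map(classify, log_text.splitlines())):
        counts.setdefault(pid, Counter())[category] += 1
        if category != "gui_poll":
            relevant.append((pid, category, msg))
    return counts, relevant

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```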
chemlud (Hero Member, Posts: 2485, Karma: 112)
Reply #3 on: January 19, 2021, 06:19:15 pm
Considering question #1 it can't work, I guess. Maybe start with a shared-key site-to-site config for openvpn and see if it works. No trouble with CAs and stuff for the beginning...
« Last Edit: January 19, 2021, 09:32:36 pm by chemlud »
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
atzouris (Newbie, Posts: 6, Karma: 0)
Reply #4 on: January 21, 2021, 10:09:57 pm
Mea culpa. Now have Peer to Peer Shared Key (Site to Site) and Remote Access (SSL/TLS + User Auth) both working.
However, I did learn more than the online documentation; I stumbled across a YouTube video online that was just over 20 minutes that enlightened me about having two VPNs on a single appliance that also included setting the Floating Rules and the Single Gateway and new VPN interface assignments. The title included VPN between 2 OPNsense boxes and also OPNsense and pfsense.
I'm very pleased with the migration to two OPNsense boxes.