Topic: openVPN SiteToSite

[mudra]

Dear All,

I have two smeservers (one remote for affa backup purposes) connecting through an Openvpn Sitetosite tunnel. This has worked without any problems for many months.

We have recently installed a new telephone system which needed to go onto a separte subnet - so I have installed an IPFire firewall box and set the smeserver to gateway only. I have portforwarded 1194 from the IPFire firewall but the tunnel does not reconnect.

Do I have to forward any other ports ? In principle should this approach work OR should I try and VPN to the IPFirewall now.

Please let me know if the above is not clear.

Murda.

[Daniel B.]

Hi. You mean you have your SME as a server only (and not gateway only) ?

I see no reason for it not to work.

- Check the logs /var/log/openvpn-s2s/<daemon ID>.log at both end, to see if it's a timeout or something else
- Check the tunnel is using port 1194 (as you can enter an arbitrary port...)
- the port forward from IPFire should be for UDP, not TCP (unless you changed it manually, OpenVPN s2s uses UDP)
- Last: you can try to reverse client and server. The SME behind IPfire can become the client so no port forwarding will be necessary (as it'll initiate the connection). But this require that you re-configure the tunnel at both ends

Regards, Daniel

[mudra]

Dear Daniel,

Thankyou for your quick reply. I have port-forwarded the port via TCP and UDP now !! I can see nothing in the logs and I will try and swap the client / server round overnight and see if that is going to work better.

I will let you know how things work out.

Murda

[mudra]

Dear Daniel,

I swapped the client / server around and everything works as it should. Thanks for the advice.

Mudra