Multiple sites connected via SG1100

I will be connecting 4 sites together. From 3 sites each with an SG1100 and a VPN connecting to a 4th site with an SG1100 as well. Just basically running a backup. I do not think I will be getting more than 10 mbs per site (from 3) to the 4th site where I will be backing up. Not a lot of data either, just a few minutes at night. Any suggestions? OpenVPN in a peer to peer connection or any other better suggestion or perhaps a suggestion on better hardware? Maybe even lower cost? Thanks

For low bandwidth, they will work fine. I don’t think you will easily find a complete solution for less.

Thanks Tom. I was under the impression I had already replied.

Hello Tom.

I wanted to thank you again. I know you hear it a lot.

I have followed the peer to peer vpn video and I was able to see the VPN up (the green arrow in the sg1100 interface corresponding to the VPN) but I could not ping from a laptop behind the “server” to a laptop behind the “client”. I am guessing it has to do with the firewall rules but I know I left them open.

This is the setup in question:

Server has the ip 192.168.3.1
and the clients have 192.168.4.1, 192.168.5.1 and 192.168.6.1

They all have the tunnel network set to 192.168.99.0/24

On the OpenVPN settings, all the clients are connecting to 192.168.3.1 and
the server allows connection from: 192.168.4.1, 192.168.5.1 and 192.168.6.1

I created a dynamic dns name for the server for testing:
I added the dynamic dns name for the server and I get a connection (green)

I pointed the client to that hostname any-name-here.noip.net and when I plugged them both as I mentioned I did get the UP green arrow for the VPN and also the openvpn server was running green.

Under the Peer to Peer instances on both the client and the server the arrow is red pointing down. This I can’t get around.

Any tips? I would rather learn how to do it myself than have someone else do it but if need be then I would contract your co. Unless you can see something very obviously wrong.
Or perhaps anyone else who has had experience here in the forum with a similar setup.

Thank you in advance.

Check the error logs, follow the guide from Netgate
https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-shared-key.html

And I have a video on site to site with OpenVPN

Thanks again for the reply.
Did it again from scratch following the netgate.com tutorial in the link you posted and still nothing.

On the server I did find the “General” error:
nginx: 2020/03/26 04:15:56 [error] 30776#100080: send failed 54: Connection reset by peer
Gateways errors:
sendto error: 65

On the client side I get:
The general error is:
<rtsock_input_ifannounce> interface tun1 removed
tun1: changing name to ovpnc1

<rtsock_input_ifannounce> interface tun1 removed
pflog: promiscuous mode enabled
under gateway error I see:
site ot site ipaddrss:1195 (my choice)
site ti site vpn 000 192.168.77.1: sendto error: 55

I am starting to think this isn't going to work for me long term…

Have set up 3 sites with site-to-site OpenVPNs, they all have unique subnets including the tunnels, Static Routes are used to route traffic.

Was fairly painless to set up, adding a 4th wouldn’t cause any issues I’d imagine.

Suggest getting two sites working first then add the third.
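
The rule in the reply above (a unique subnet for every LAN and every tunnel, with routes for the remote networks) can be checked on paper before touching the routers. The following is an added example, not part of any post in this thread: it assumes /24 LANs behind the router addresses listed earlier, one tunnel network per site link, and made-up 10.99.x.0/30 tunnel networks for the corrected plan.

```python
import ipaddress
from itertools import combinations

# Constructed address plan. LANs are derived from the router addresses in the
# thread, assuming /24 masks; site names and UNIQUE_TUNNELS are hypothetical.
LANS = {
    "hub": "192.168.3.0/24",
    "site1": "192.168.4.0/24",
    "site2": "192.168.5.0/24",
    "site3": "192.168.6.0/24",
}
# Every tunnel given the same network, as described in the question.
SHARED_TUNNELS = {f"tun-site{i}": "192.168.99.0/24" for i in (1, 2, 3)}
# One small, distinct network per tunnel (constructed values).
UNIQUE_TUNNELS = {f"tun-site{i}": f"10.99.{i}.0/30" for i in (1, 2, 3)}


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose networks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted(
        (a, b)
        for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
        if net_a.overlaps(net_b)
    )


def routes_needed(lans, hub="hub"):
    """Remote LANs each router must send into its tunnel (hub-and-spoke)."""
    routes = {}
    for site, cidr in lans.items():
        if site == hub:
            # The hub needs a route to every spoke LAN.
            routes[site] = sorted(c for s, c in lans.items() if s != hub)
        else:
            # A spoke only needs to reach the backup site's LAN.
            routes[site] = [lans[hub]]
    return routes


if __name__ == "__main__":
    for label, tunnels in (("shared", SHARED_TUNNELS), ("unique", UNIQUE_TUNNELS)):
        clashes = find_overlaps({**LANS, **tunnels})
        print(f"{label} tunnel plan: {len(clashes)} overlap(s) {clashes}")
    for site, nets in routes_needed(LANS).items():
        print(f"{site} needs routes to: {', '.join(nets)}")
```
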

Thanks. I got two sites connected, master and first site. I am trying to get another site to actually physically test it - I want to use different ISPs to make sure it is working and that they will reach the master site which will have dynamic DNS active.
I apologize for my delay.

Essentially have the same setup, it works without any issues over DDNS. Though I have set up twin connections, just so I have a backup just in case something goes wrong.