Site to Site VPN Setup on PFSense (IPSec / OpenVPN)

Hi, I am trying to set up a site-to-site VPN and I have hit a wall. Above is a diagram of my would-be setup without the actual ISP for the branch. The ISP indicated is set up at the main site, but I am using it for testing purposes because the setup will be similar on both sites.
I set up the DDNS service in pfSense on both sites to use for the configuration. The accounts were set up with Noip.com.

So far, I have tried the IPsec method and the OpenVPN method. In both cases, the service just sits at connecting and never really does.
With the OpenVPN method, I downloaded the OS-compliant client and installed it on multiple Windows systems, but I always got a similar error, below:

I also tried to add the branch pfSense as a client in pfSense under OpenVPN after setting up the server, but it's not been able to connect.

I have tried to do the connections using the DDNS addresses on both systems with the same ISP connection and with different ISP connections. The DDNS service works because I see the updates every time. I have also tried to use the static 10.22.22.0/24 IPs as the public IPs to see if that’ll make any difference, but none.

What could I be doing wrong? If I got a static public IP for the main site only, could the setup work?

If you have the option to choose, use OpenVPN.

It’s important that you don’t have the same network range or overlapping ranges on both sites.

Check your rules on the WAN interface on the server side to allow access to the OpenVPN port.

Use a different port from the standard one, as sometimes ISPs block the OpenVPN default port.

Unless there is a specific need, stick to UDP.

Basically follow this from the pfSense Book.
https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html
https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-shared-key.html
Edit: redaction and new link.
