Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Site-to-Site between Golds no longer working

Follow
Avatar
Warren Merkel

I have three FW Gold models at locations behind routers configured as bridges.   WAN side gets routable IPs.   I'm after having one site be the master and the other two have Site-to-Site to the master.  All three sites have LAN IPs on different /24 subnets.

Let's just start with the first two sites and get them going.

I had two of the sites configured for Site-to-Site VPN and it worked, say a month ago.  Recently, it stopped working and all I could do is ping the LAN gateway at the other end of the tunnel.  No other hosts can be pinged or ping any hosts on the other side.    I have the Site-to-Site configured to "Apply To" the LAN, which indicates all hosts.    

This VPN used to work, but now doesn't.  I revoked the configuration, and set up the Site-to-Site again.   Not sure if it matters which end I start up on the new configuration for Site-to-Site, I tried it from both directions.   One of the setups "connects", but nothing pings.  The other times out after 30 seconds and doesn't "connect" at all.

At this point, I can't ping any hosts or the LAN side interface on either side, yet the VPN shows as "Connected"

When I get this going, just how should I create the configurations...from the central site, outward to each of the others?  Or inward to the central site from each?

I have SSH open at the central site, and can poke around or nuke configs if I have to. Don't know what to remove just to start clean. I only have used the App to do configuration changes up to this point.

Executing a route "print", it does indicate there is a gateway to the subnet of the other site, via the tun_fwvpn

192.168.40.0 10.29.64.2 255.255.255.0 UG 0 0 0 tun_fwvpn

10.29.64.0 10.29.64.2 255.255.255.0 UG 0 0 0 tun_fwvpn
10.29.64.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun_fwvpn

main site:  Box Version 1.971

App Ver: g1.43.23(3.6.22)

App Ver # 577

What at I missing?

0

Comments

2 comments

Sort by Date Votes
  • Avatar
    Firewalla

    Your configuration is likely a bit complex, I just created a ticket for you, and if you have a simple network diagram, please attach to that ticket.

    0
    Comment actions Permalink
  • Avatar
    James Willhoite

    I don’t have a site to site with Firewalla’s but I do have a custom setup that used Firewalla’s client (in the app) to connect. It does not connect any longer, but I can issue the command for OpenVPN to connect with the same Config and it connect (command line). I thought it was just me so I rocked some custom config and bypassed the app client.

    Maybe something changed?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post