OpenVPN site-to-site not working after configuration restore

        I've a lab with a pfSense 2.4.0 in a VM in VMWare. It is working OK. I am using two VPN site to site using OpenVPN, the lab side is the "server" and two remote sites are the "client". Both are working OK.
Now I need to migrate the lab pfSense to another environment. I've installed a fresh clean pfSense 2.4.0 and after a basic config, I've restored the configuration of the working pfSense. All is restored, firewall rules, NAT, HAProxy, OpenVPN, etc... But one of the two VPN is not working. Both are configured the same way, one is working, the other doesn't. I am using shared passphrase for both, no certificate is involved. I don't understand why one is working and the other does not. These are the logs in the lab side, where the pfSense has been migrated:
Mar 24 16:54:30 openvpn 11712 UDPv4 link remote: [AF_UNSPEC]
Mar 24 16:54:30 openvpn 11712 UDPv4 link local (bound): [AF_INET]192.168.0.66:1196
Mar 24 16:54:30 openvpn 11712 /usr/local/sbin/ovpn-linkup ovpns3 1500 1560 192.168.170.1 192.168.170.2 init
Mar 24 16:54:30 openvpn 11712 /sbin/ifconfig ovpns3 192.168.170.1 192.168.170.2 mtu 1500 netmask 255.255.255.255 up
Mar 24 16:54:30 openvpn 11712 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mar 24 16:54:30 openvpn 11712 ioctl(TUNSIFMODE): Device busy (errno=16)
Mar 24 16:54:30 openvpn 11712 TUN/TAP device /dev/tun3 opened
Mar 24 16:54:30 openvpn 11712 TUN/TAP device ovpns3 exists previously, keep at program end
Mar 24 16:54:30 openvpn 11712 GDG: problem writing to routing socket
Mar 24 16:54:30 openvpn 11712 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
And these are the logs in the client side, the pfSense that is not touched ("client"):
Mar 24 15:57:52 openvpn 11694 UDPv4 link remote: [AF_INET]81.184.114.108:1196
Mar 24 15:57:52 openvpn 11694 UDPv4 link local (bound): [AF_INET]163.172.30.171:1196
Mar 24 15:57:52 openvpn 11694 Preserving previous TUN/TAP instance: ovpnc1
Mar 24 15:57:52 openvpn 11694 Re-using pre-shared static key
Mar 24 15:57:52 openvpn 11694 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 24 15:57:50 openvpn 11694 SIGUSR1[soft,ping-restart] received, process restarting
Mar 24 15:57:50 openvpn 11694 Inactivity timeout (--ping-restart), restarting
This is the network configuration of the interfaces. ABCloud01 is the failing one. Thanks a lot for your help.

Leave Your Comment

Leave a Reply

%d bloggers like this: