Netgate Discussion Forum

    One host inaccessible, others are fine

      peterlecki

      OpenVPN works and I can connect just fine. I can access most hosts. Except one. They're all on the same network. I can ping 192.168.1.1 and .50 but not .11 even though it does respond to pings from hosts on that LAN. It's not only ICMP, same story with HTTP.

        viragomann @peterlecki

        @peterlecki
        Check the host's firewall. It might block access from outside the subnet it resides in.

          peterlecki @viragomann

          @viragomann
          The device is a managed switch, so it doesn't have a firewall, but it could be hard-coded to only communicate with hosts on the same subnet. Which would explain why I can't reach it from the VPN subnet.

            viragomann @peterlecki

            @peterlecki said in One host inaccessible, others are fine:

            The device is a managed switch

            Does it have a gateway setting?

            Even this or any, you can do a workaround with masquerading on pfSense by setting up an outbound NAT rule for this device.

              Bambos

              I had this issue before. The problematic device's gateway is not the pfSense LAN gateway, as it should be.

                peterlecki @viragomann

                @viragomann @Bambos
                Thanks guys for pointing out yet another user error ID10T

                  audiobahn @viragomann

                  @viragomann said in One host inaccessible, others are fine:

                  @peterlecki said in One host inaccessible, others are fine:

                  The device is a managed switch

                  Does it have a gateway setting?

                  Even this or any, you can do a workaround with masquerading on pfSense by setting up an outbound NAT rule for this device.

                  Hi, I'm having a similar issue with some ports of a specific host not being accessible over an OpenVPN connection even though they're accessible over the LAN. Would the "NAT" workaround work for this issue?

                    viragomann @audiobahn

                    @audiobahn
                    If a device is accessible from other devices within the same subnet, but not from the VPN or other network segments, it should be accessible from outside with NAT though, because this way the packets get a source IP from its own subnet.

                    However, in most cases it is the firewall on the respective device itself which is simply blocking outside access. So the NAT is a hack and not recommended. You should better configure the devices' firewalls accordingly.

                    There are only rare dumb devices, which have no possibility to configure a gateway, where NAT is a good workaround.

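The return-path logic discussed in this thread, as an added example that is not from any of the posters or from pfSense: it models where the host at .11 sends its reply depending on its gateway setting and on whether outbound NAT rewrites the source. Assumptions: pfSense's LAN address is 192.168.1.1, the LAN is a /24, the VPN client address 10.8.0.2 and the wrong gateway 192.168.1.254 are constructed, and any gateway other than the router has no route back to the VPN.

```python
import ipaddress

ROUTER_LAN = "192.168.1.1"      # assumption: pfSense LAN address
VPN_CLIENT = "10.8.0.2"         # constructed tunnel address, not from the thread
SWITCH_IF = "192.168.1.11/24"   # host from the thread; the /24 mask is assumed

def reply_path(host_if, host_gw, src_ip, router_lan=ROUTER_LAN):
    """Return (next hop decision, reply reaches sender) for a reply to src_ip."""
    iface = ipaddress.ip_interface(host_if)
    src = ipaddress.ip_address(src_ip)
    if src in iface.network:
        return "on-link", True               # host ARPs for src and answers directly
    if host_gw is None:
        return "no route", False             # no gateway configured: reply is dropped
    gw = ipaddress.ip_address(host_gw)
    if gw not in iface.network:
        return "gateway unreachable", False  # gateway is not on the host's subnet
    if gw == ipaddress.ip_address(router_lan):
        return "via router", True            # router knows the VPN subnet
    return "via other gateway", False        # assumed: no route back to the VPN there

def diagnose(host_if, host_gw, outbound_nat=False):
    """Reply path for a VPN client; outbound NAT makes the router the visible source."""
    seen_src = ROUTER_LAN if outbound_nat else VPN_CLIENT
    return reply_path(host_if, host_gw, seen_src)

if __name__ == "__main__":
    cases = [
        ("no gateway set", None, False),
        ("wrong gateway", "192.168.1.254", False),   # constructed address
        ("gateway = router LAN IP", ROUTER_LAN, False),
        ("no gateway, outbound NAT", None, True),
    ]
    for label, gw, nat in cases:
        decision, ok = diagnose(SWITCH_IF, gw, nat)
        print(f"{label:28} -> {decision:18} {'reachable' if ok else 'unreachable'}")
```

With outbound NAT the host sees every VPN client as the router's LAN address, so its own logs and any source-based access rules can no longer distinguish individual clients.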