Can't ping all the devices on my network but can ping some of them
-
I set up the WireGuard VPN package and then a WireGuard client on a Windows machine. I am able to make a connection into WireGuard but can only ping some, not all, of the devices behind the pfSense. However, I can ping all the devices if I am local behind the LAN.
Windows laptop with WireGuard client (192.168.1.x)
pfSense (192.168.2.x)
Windows box 192.168.2.22: can use NoMachine (RDP program) to access BUT cannot ping that IP or access the file shares on it.
Debian box 192.168.2.108: cannot ping (IP or hostname), cannot access shares
WDMybook: can ping (IP but NOT hostname) and access shares
Ran LAN scanner and it only shows up a handful of IPs, but if I run LAN scanner behind the firewall it shows up a lot more. None of which seem accessible.
Any ideas? Particularly weird about the 192.168.2.22 box, as I can't ping or access file shares but NoMachine is able to connect to it via 192.168.2.22:4000
I've attached a pic of the LAN scanner from behind the f/w (the longer list) and the LAN scanner from the VPN side. All settings in LAN scanner are the same on both tests.
-
@mrchip said in Can't ping all the devices on my network but can ping some of them:
Windows box 192.168.2.22: can use NoMachine (RDP program) to access BUT cannot ping that IP or access the file shares on it.
Debian box 192.168.2.108: cannot ping (IP or hostname), cannot access shares

You already know the short answer: all these devices also have a firewall.
When you connect for the first time to a network, let's take the "Windows box 192.168.2.22" as an example, you saw a question popping up: Private or Public?
If you have chosen Public, then from now on, this Windows device will 'never' answer to 'any' request, like share or ping or whatever, wherever it came from: the local network 192.168.2.0/24, or elsewhere.
Still, with "Private", you have to check your device's firewall: does it accept requests if they come from outside of the local 192.168.2.0/24?
RDP is a good example: by default, it will not accept connections if they come from outside 192.168.2.0/24. You had to 'do' something so you can connect to it from, for example, 192.168.10.2.

@mrchip said in Can't ping all the devices on my network but can ping some of them:
WDMybook: can ping (IP but NOT hostname) and access shares

First check: does 'pfSense' (the resolver) have the host name of your WDMybook?
I have a NAS, called "diskstation2". I check:
[23.09.1-RELEASE][root@pfSense.bhf.net]/tmp: host diskstation2
diskstation2.bhf.net has address 192.168.1.33
diskstation2.bhf.net has IPv6 address 2a01:cb19:dead:beef::c2
This worked for me, because I gave this device diskstation2, a server device after all, and I need to be able to connect to it from 'elsewhere', so I gave it a host name by using the DHCP static MAC lease on my LAN DHCP server.
Using a host name is important as IPv4 starts to fade out, and no one will be able to remember stuff like 2a01:cb19:dead:beef::c2.
So, setting up, and using, your DNS (pfSense for example) is important.
Next: when I connect to my network from elsewhere, using a VPN client, I've set up my OpenVPN pfSense server so it tells the client to use the OpenVPN (pfSense) DNS for its DNS needs.
Now, on the device I use to connect to my pfSense, I will also use the pfSense resolver to question it about DNS. And this DNS knows all about my local 'LAN' devices.
Was I using some other DNS like 8.8.8.8 then no, it will not know about my "diskstation2" or about your "WDMybook".
-
@Gertjan Thanks very much for the ideas & sorry for the late reply... family went on a surprise vacay. So yes, the Windows firewall was blocking it, but blocking before the "Private or Public" pop-up. I only mention it in case someone else stumbles upon this thread and needs clarification. The NIC was set to "Private". To resolve it I had to go into the Windows firewall rules and add an inbound rule. Under "Scope", "Remote IP Addresses" I added my VPN range. I can now ping & access the file shares - the security pop-up box does in fact now pop up asking for the credentials.
The WDMybook has a static IP BUT set within the configuration of the WDMybook GUI. It is within pfSense's dynamic IP range, so I will change the WDMybook to dynamic (within the WDMybook settings) and then set a static IP address for it within pfSense.
I do have WireGuard set to use the DNS IP of pfSense.
As for the remaining IPs: one device is a Debian box that will also need its firewall rules adjusted if I want access to it. The others are Amazon devices and they (Amazon) seem to block VPNs. I think it's a blanket thing to prevent ppl trying to access content outside of their global region, but it seems to also block incoming connections. Not a big deal as I don't need access to the Echo Dots from outside.
Thanks for the help. Glad it's working
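
The fix described in the last post (an inbound Windows firewall rule whose Scope lists the VPN range under "Remote IP Addresses"), as an added PowerShell example that is not part of the original thread. It first reports which enabled inbound allow rules are limited to the local subnet, then adds ping and SMB rules scoped only to the tunnel subnet. Assumptions: an elevated prompt, an English-language install (display group name "File and Printer Sharing"), hypothetical function and rule names, and a tunnel subnet supplied by the caller because the thread does not state it.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.

function Get-InboundRuleScope {
    # Report the remote-address scope of enabled inbound allow rules in a group.
    # Assumption: English display group name; localized installs differ.
    param([string]$DisplayGroup = 'File and Printer Sharing')
    Get-NetFirewallRule -DisplayGroup $DisplayGroup |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            $filter = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($filter.RemoteAddress -join ',')
            }
        }
}

function Add-VpnScopedAllowRule {
    # Allow ping and SMB from the VPN tunnel subnet only, on one firewall profile.
    param(
        [Parameter(Mandatory)][string]$VpnRange,   # caller-supplied CIDR, e.g. the WireGuard tunnel subnet
        [string]$NetProfile = 'Private'
    )
    # Guard against an over-broad scope; the /16 floor is an arbitrary choice for this example.
    if ($VpnRange -notmatch '^\d{1,3}(\.\d{1,3}){3}/(?<len>\d{1,2})$' -or [int]$Matches['len'] -lt 16) {
        throw "Refusing scope '$VpnRange': expected an IPv4 CIDR of /16 or narrower."
    }
    $common = @{
        Direction     = 'Inbound'
        Action        = 'Allow'
        Profile       = $NetProfile
        RemoteAddress = $VpnRange
    }
    # Hypothetical rule names; ICMPv4 type 8 is echo request, TCP 445 is SMB.
    New-NetFirewallRule @common -DisplayName 'VPN scope: ICMPv4 echo request' -Protocol ICMPv4 -IcmpType 8
    New-NetFirewallRule @common -DisplayName 'VPN scope: SMB (TCP 445)' -Protocol TCP -LocalPort 445
}

# Usage (commented out so that loading the file changes nothing):
# Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
# Get-InboundRuleScope | Where-Object RemoteAddress -eq 'LocalSubnet'
# Add-VpnScopedAllowRule -VpnRange '<tunnel-subnet>/<prefix>'
```

Rules that report `LocalSubnet` answer only hosts on the machine's own subnet, so traffic arriving from a routed VPN subnet is dropped even when the network is marked Private.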