Netgate Discussion Forum
    Only able to ping router/openvpn gateway

    Clone1B

      Hi all,

      I've recently set up pfSense with OpenVPN. I've been able to connect, but when I do I've only been able to ping pfSense's LAN interface and its OpenVPN interface, nowhere else on the LAN network, which I need.
      WAN and OpenVPN firewall rules are set to allow-all (temp while testing).

      LAN interface: 192.168.6.3
      LAN subnet: 192.168.6.0/24
      OpenVPN virtual subnet: 192.168.7.0/24

      OpenVPN server settings:
      Mode: Remote Access ( User Auth )
      Backend: AD
      Protocol: UDP
      Device Mode: Tun
      Interface: WAN
      Port: 1194
      TLS Auth: Enabled with proper certs
      DH Param: 1024 bits
      Encryption: AES-128-CBC
      Cert Depth: One

      Tunneled network: 192.168.7.0/24
      Redirect gateway: no
      Local network: 192.168.6.0/24
      Compression: Yes
      ToS: No
      Inter-client: No
      Dup Conns.: No

      Dynamic IP: Yes
      Address Pool: Yes
      DNS Default domain: Set to LAN's default domain
      DNS servers: set to LAN's DNS server
      NTP Servers: set to LAN's NTP server
      NetBIOS: No

      Here's the OpenVPN interface on the client:
        Link-local IPv6 Address . . . . . : fe80::9938:c538:dd11:701d%20
        IPv4 Address. . . . . . . . . . . : 192.168.7.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :

      Here are all the routes involving OpenVPN on the client:
           192.168.6.0    255.255.255.0      192.168.7.5      192.168.7.6     30
           192.168.7.1  255.255.255.255      192.168.7.5      192.168.7.6     30
           192.168.7.4  255.255.255.252         On-link       192.168.7.6    286
           192.168.7.6  255.255.255.255         On-link       192.168.7.6    286
           192.168.7.7  255.255.255.255         On-link       192.168.7.6    286

      I can ping 192.168.6.3, 192.168.7.1, but nothing else.

      Anyone got any ideas?

        heper

        Do you allow traffic to and from your LAN subnet from the OpenVPN connection?
        Do the clients in the LAN subnet all have the pfSense set as a gateway?

        Be sure to check the firewall rules on the LAN tab and see if there is a rule with Gateway:* that would match when trying to connect/reply to the OpenVPN client.

          cmb

          What's the default gateway for the LAN hosts? Guessing it's something other than pfSense, which means you need routing on the device that's the default gateway to get the OpenVPN tunnel network IPs back to pfSense.

            marvosa

            I hate to "assume"… 'cause you know what happens... lol... so let's get some particulars out of the way:

            1.  Is the software firewall disabled on any hosts you're trying to ping?
            2.  Are clients running openvpn as admin? (win 7 / vista)
            3.  Can we see screen shots of your LAN and OPENVPN tabs?
            4.  What is the IP of your AD server?
            5.  When you are pinging around, are you pinging by IP or hostname?
            6.  Post routing table on pfSense.

              Clone1B

              Thanks for the replies. I'll try some of the suggestions out and let you know. For now…

              1.  Is the software firewall disabled on any hosts you're trying to ping?
              Yes
              2.  Are clients running openvpn as admin? (win 7 / vista)
              Is this an issue? They haven't been but they can
              3.  Can we see screen shots of your LAN and OPENVPN tabs?
              They're set to wildcard any, allow all from all
              4.  What is the IP of your AD server?
              192.168.6.2, LDAP auth is working fine
              5.  When you are pinging around, are you pinging by IP or hostname?
              IP
              6.

              Edit: After disabling Windows FW (for the second time, likes to re-enable itself) and setting the gateway to the pfSense box I can pass traffic back and forth between pfSense and the OpenVPN client. Thanks a ton guys!

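The return-path problem discussed in this thread, as an added example that is not part of the original posts: a small Python model that traces where a LAN host's ping reply to the VPN client (192.168.7.6) goes, using longest-prefix matching on each device's route table. The LAN host 192.168.6.10, the non-pfSense default gateway 192.168.6.1 and the "upstream" hop are constructed for illustration; the subnets and the pfSense LAN address come from the thread.

```python
import ipaddress

PFSENSE_LAN = "192.168.6.3"   # from the thread
VPN_CLIENT = "192.168.7.6"    # from the thread
HOST = "192.168.6.10"         # constructed LAN host
OTHER_GW = "192.168.6.1"      # constructed: a default gateway that is not pfSense

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def trace_reply(tables, start=HOST, dst=VPN_CLIENT, target=PFSENSE_LAN, max_hops=8):
    """Follow the reply hop by hop; return (path, reached_pfsense)."""
    path, current = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[current], dst)
        if hop is None:
            return path, False
        path.append(hop)
        if hop == target:
            return path, True
        if hop not in tables:      # left the devices we model (e.g. ISP uplink)
            return path, False
        current = hop
    return path, False

LAN = ("192.168.6.0/24", "on-link")
# Symptom: host and its gateway know nothing about the tunnel network.
broken = {HOST: [LAN, ("0.0.0.0/0", OTHER_GW)],
          OTHER_GW: [LAN, ("0.0.0.0/0", "upstream")]}
# Fix suggested in the thread: the default gateway routes the tunnel network to pfSense.
routed = {HOST: broken[HOST],
          OTHER_GW: broken[OTHER_GW] + [("192.168.7.0/24", PFSENSE_LAN)]}
# Fix applied in the thread: the host uses pfSense as its default gateway.
regatewayed = {HOST: [LAN, ("0.0.0.0/0", PFSENSE_LAN)]}

if __name__ == "__main__":
    for name, tables in [("broken", broken), ("routed", routed),
                         ("regatewayed", regatewayed)]:
        print(name, *trace_reply(tables))
```

In the broken case the echo request arrives through the tunnel, but the reply follows the host's default route away from pfSense, which matches the symptom of only pfSense's own addresses answering.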
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.