Only able to ping router/openvpn gateway
-
Hi all,
I've recently set up pfsense with openvpn, I've been able to connect but when I do I've only been able to ping the pfsense's LAN interface and its OpenVPN interface, nowhere else on the LAN network which I need.
WAN and OpenVPN firewall rules are set to allow-all (temp while testing)
LAN interface: 192.168.6.3
LAN subnet: 192.168.6.0/24
OpenVPN virtual subnet: 192.168.7.0/24
OpenVPN server settings:
Mode: Remote Access ( User Auth )
Backend: AD
Protocol: UDP
Device Mode: Tun
Interface: WAN
Port: 1194
TLS Auth: Enabled with proper certs
DH Param: 1024 bits
Encryption: AES-128-CBC
Cert Depth: One
Tunneled network: 192.168.7.0/24
Redirect gateway: no
Local network: 192.168.6.0/24
Compression: Yes
ToS: No
Inter-client: No
Dup Conns.: No
Dynamic IP: Yes
Address Pool: Yes
DNS Default domain: Set to LAN's default domain
DNS servers: set to LAN's DNS server
NTP Servers: set to LAN's NTP server
NetBIOS: No
Here's the OpenVPN interface on the client:
Link-local IPv6 Address . . . . . : fe80::9938:c538:dd11:701d%20
IPv4 Address. . . . . . . . . . . : 192.168.7.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
Here's all the routes involving OpenVPN on the client:
192.168.6.0 255.255.255.0 192.168.7.5 192.168.7.6 30
192.168.7.1 255.255.255.255 192.168.7.5 192.168.7.6 30
192.168.7.4 255.255.255.252 On-link 192.168.7.6 286
192.168.7.6 255.255.255.255 On-link 192.168.7.6 286
192.168.7.7 255.255.255.255 On-link 192.168.7.6 286
I can ping 192.168.6.3, 192.168.7.1, but nothing else.
Anyone got any ideas?
-
Do you allow traffic to and from your LAN subnet from the openvpn connection?
Do the clients in the LAN subnet all have the pfsense set as a gateway?
Be sure to check the firewall rules on the LAN-tab and see if there is a rule with Gateway:* that would match when trying to connect/reply to the openvpn client.
-
What's the default gateway for the LAN hosts? Guessing it's something other than pfSense, which means you need routing on the device that's the default gateway to get the OpenVPN tunnel network IPs back to pfSense.
-
I hate to "assume"… cause you know what happens... lol... so let's get some particulars out of the way:
1. Is the software firewall disabled on any hosts you're trying to ping?
2. Are clients running openvpn as admin? (win 7 / vista)
3. Can we see screen shots of your LAN and OPENVPN tabs?
4. What is the IP of your AD server?
5. When you are pinging around, are you pinging by IP or hostname?
6. Post routing table on PFsense.
-
Thanks for the replies. I'll try some of the suggestions out and let you know. For now…
1. Is the software firewall disabled on any hosts you're trying to ping?
Yes
2. Are clients running openvpn as admin? (win 7 / vista)
Is this an issue? They haven't been but they can
3. Can we see screen shots of your LAN and OPENVPN tabs?
They're set to wildcard any, allow all from all
4. What is the IP of your AD server?
192.168.6.2, LDAP auth is working fine
5. When you are pinging around, are you pinging by IP or hostname?
IP
6.
Edit: After disabling windows FW (for the second time, likes to re-enable itself) and setting the gateway to the pfsense box I can pass traffic back and forth between pfSense and the OpenVPN client. Thanks a ton guys!
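The reply-path problem the thread converges on, as an added example that is not part of any poster's message: a longest-prefix-match check of where a LAN host sends its reply to the OpenVPN client. The addresses 192.168.6.3 and 192.168.7.6 and the client routes come from the thread; the 192.168.6.1 gateway, the LAN-host tables and the static-route variant are constructed assumptions.

```python
import ipaddress

PFSENSE_LAN = "192.168.6.3"   # pfSense LAN interface (from the thread)
VPN_CLIENT = "192.168.7.6"    # OpenVPN client address (from the thread)
OTHER_ROUTER = "192.168.6.1"  # constructed: the original LAN gateway is never stated

def parse_routes(rows):
    """(destination, netmask, gateway) rows -> (network, next hop or None)."""
    routes = []
    for dest, mask, gw in rows:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        hop = None if gw.lower() == "on-link" else ipaddress.ip_address(gw)
        routes.append((net, hop))
    return routes

def next_hop(rows, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in parse_routes(rows) if dst in r[0]]
    if not matches:
        return "unreachable"
    _, hop = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if hop is None else str(hop)

def reply_path_ok(rows):
    """True when the host hands its reply to the VPN client to pfSense."""
    return next_hop(rows, VPN_CLIENT) == PFSENSE_LAN

# Client-side routes as posted in the thread (interface and metric columns dropped).
CLIENT = [
    ("192.168.6.0", "255.255.255.0", "192.168.7.5"),
    ("192.168.7.1", "255.255.255.255", "192.168.7.5"),
    ("192.168.7.4", "255.255.255.252", "On-link"),
]
# Constructed LAN-host tables: default route via another router, then the two fixes.
BROKEN = [("0.0.0.0", "0.0.0.0", OTHER_ROUTER),
          ("192.168.6.0", "255.255.255.0", "On-link")]
FIXED_GATEWAY = [("0.0.0.0", "0.0.0.0", PFSENSE_LAN),
                 ("192.168.6.0", "255.255.255.0", "On-link")]
# Variation not tried in the thread: keep the gateway, add a route for the tunnel subnet.
FIXED_STATIC = BROKEN + [("192.168.7.0", "255.255.255.0", PFSENSE_LAN)]

if __name__ == "__main__":
    print("client -> 192.168.6.2 via", next_hop(CLIENT, "192.168.6.2"))
    for name, table in (("broken", BROKEN), ("gateway fixed", FIXED_GATEWAY),
                        ("static route", FIXED_STATIC)):
        print(name, "reply via", next_hop(table, VPN_CLIENT), "ok:", reply_path_ok(table))
```

The forward path from the client is already correct in the posted routes; only the LAN host's return route decides whether the ping reply reaches the tunnel.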