Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot ping one way on openvpn

    OpenVPN
    4
    7
    5.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Sc0rian
      last edited by

      Hello,

      We have two pfsense gateways.

      The server running: 2.0.1-RELEASE
      The client pfsense: 2.1-BETA0

      I can ping perfectly fine on pfsense, boths way etc no problem. On the server side a client can ping the local network no problem.

      The problem I have is with the client vpn, any computers connected to that cannot ping. I have watched tcpdump and can see the ping being passed to the gateway, also watched tcpdump on the server gateway and see the icmp come through. So it looks like it gets there but does not have a return path? I cannot work out whats up with it.

      Here is me pinging from  a computer on the client side of the vpn:

      10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

      Then the server side gets the ping

      14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

      but thats it, no return path.

      All the routes seem to be correct. Remember that it does work perfectly fine on the actual gateways.

      I have replicated the whole setup on a test setup and it works fine  ::)

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        so you have this?

        pcA– (pfsense client vpn) --- vpn ---- (pfsense vpn server) -- pcB

        So pcA can not ping pcB, but pcB can ping pcA?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • S
          Sc0rian
          last edited by

          yeah thats correct

          but on pfsense all pings are ok.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            so client pfsense can ping both pca and pcb, and server pfsense can ping both pca and pcb

            what are the networks on each side, and what do the route tables look like on pca and pcb?

            Did you follow this guide?
            http://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • S
              Sc0rian
              last edited by

              pCA  side cannot. The clients cannot ping any addresses on pcB.

              But pcB can ping clients on pcA.

              I followed this guide

              http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                if the both pfa & b can ping clients on either side its more then likely a firewalling issue. check by doing the same pings from pfa or b and specifying the lan interface to ping from

                1 Reply Last reply Reply Quote 0
                • A
                  AlPri
                  last edited by

                  Hi ScOrian, did you find your problem, because I encounter almost exactly the same and I find no solution !

                  For me, like you, from pf all is ok but pcA cannot ping pcB and vice-versa !

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.