OpenVPN connected, but the VPN client can't ping some servers, while all servers can ping the client
-
Help me.
My LAN is 10.8.0.0/21. The DHCP scope is 10.8.4.0. pf is the default GW for the LAN.
I have connected to OpenVPN. The VPN client has IP 10.0.8.6.
I can ping PCs with IPs in the DHCP scope and I can browse the intranet sites.
But I can't ping PCs that have static IPs or the IPs of the intranet sites. However, from the PCs with static IPs and the intranet site servers I can ping the VPN client (firewall stopped on the server). Why??
Standard OpenVPN config made by the wizards.
Can anybody help me??
-
Few possible reasons:
- You haven't allowed traffic to the VPN interface from your intranet sites
- VPN-client doesn't have route to other machines, you can use advanced setting "push route"…
-
Post your config, firewall rules and a network map, so we can help.
-
To Metu69salemi
- traffic to VPN interface * * * * * *.
- push route 10.8.0.0; I can ping PCs that have IPs from DHCP
To Marvosa
Net map: Internet ------- pfsense (allow all) ------- LAN (10.8.0.0/21).
LAN:
- Static IPs, e.g. 10.8.0.1-10.8.1.254
- Dynamic IPs from DHCP scope 10.8.4.0-10.8.4.254
- DNS 10.8.0.1
- Default GW: pfsense
- DHCP scope options: DNS, GW
Firewall: allow all on interface LAN
Firewall: allow all on interface OpenVPN
From a PC with a static IP I can ping the VPN client, but from the VPN client I can't ping a PC with a static IP; I can only ping PCs with dynamic IPs.
server cf:
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local ...
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.8.0.0 255.255.248.0"
push "dhcp-option DOMAIN btp.com.vn"
push "dhcp-option DNS 10.8.0.1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
client cf:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote ... 1194 udp
tls-remote OpenVPNsrvCert
auth-user-pass
ca pfSense-udp-1194-user-ca.crt
cryptoapicert "SUBJ:user"
tls-auth pfSense-udp-1194-user-tls.key 1
comp-lzo
-
Looks like a subnet/routing/config issue:
Your LAN is configured with 10.0.8.0/24, but you are pushing 10.8.0.0/21 to your clients.
Edit your LAN subnet accordingly.
-
Sorry, because the IPs are not the real IPs. I set the LAN IP exactly with subnet mask 21.
-
Can you re-phrase? I'm not following what you said.
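
Added example, not part of any post in this thread: a Python check that reads the `server` and `push "route ..."` lines of the server config posted above and reports which addresses the client gets a pushed route for. The function names are hypothetical, the config excerpt is copied from the post, and 10.8.4.10 is a constructed address inside the stated DHCP scope.

```python
import ipaddress
import shlex

# Routing-relevant lines copied from the server config posted in the thread.
SERVER_CONF = '''\
dev-type tun
server 10.0.8.0 255.255.255.0
push "route 10.8.0.0 255.255.248.0"
push "dhcp-option DNS 10.8.0.1"
'''

def parse_routing(conf):
    """Return (tunnel_network, [pushed_routes]) from OpenVPN server config text."""
    tunnel, pushed = None, []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        words = shlex.split(line)            # keeps the quoted push argument as one word
        if words[0] == "server" and len(words) >= 3:
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "push" and len(words) == 2:
            opt = words[1].split()
            if opt[0] == "route" and len(opt) >= 2:
                # OpenVPN treats a route without a netmask as a host route.
                mask = opt[2] if len(opt) > 2 else "255.255.255.255"
                pushed.append(ipaddress.ip_network(f"{opt[1]}/{mask}"))
    return tunnel, pushed

def covered(host, pushed):
    """True if some pushed route contains the host address."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in pushed)

def report(conf, hosts):
    """Summarise tunnel network, pushed routes overlapping it, and per-host coverage."""
    tunnel, pushed = parse_routing(conf)
    return {
        "tunnel": str(tunnel),
        "overlap": [str(n) for n in pushed if n.overlaps(tunnel)],
        "hosts": {h: covered(h, pushed) for h in hosts},
    }

if __name__ == "__main__":
    # Static host, constructed DHCP-range host, and the VPN client's own address.
    print(report(SERVER_CONF, ["10.8.0.1", "10.8.4.10", "10.0.8.6"]))
```

With the posted values, the static address 10.8.0.1 and the DHCP-range address fall inside the same pushed /21, and the tunnel network 10.0.8.0/24 does not overlap it.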