(Solved) OpenVPN connects but cannot ping the internal network
-
Hello, OpenVPN connects but cannot ping the internal network.
My internal network is 192.168.0.0/24.
The tunnel and OpenVPN: 172.16.0.0/24. I already redid the OpenVPN setup but do not know where I am going wrong.
Thanks.
-
The first thing I would do is disable the software firewall on the machine you're trying to connect to, so we can rule that out.
Second, make sure you're running the openvpn client as admin.
Third, post your server1.conf, so we can look at your config.
-
Thank you for your help marvosa,
- Firewall is disabled and still does not connect.
- My user is administrator.
- Server2.conf follows. Server1.conf is a server-to-server VPN.
My Server2.conf (/var/etc/openvpn/server2.conf):
dev ovpns2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 123.123.123.123
tls-server
server 172.16.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server2.php via-env
lport 1234
management /var/etc/openvpn/server2.sock unix
push "redirect-gateway def1"
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
comp-lzo
push "dhcp-option DNS 192.168.0.231"
push "dhcp-option WINS 192.168.0.231"
route 192.168.0.0 255.255.255.0
Thanks.
-
-
Remove "route 192.168.0.0 255.255.255.0" from your advanced config. That is actually telling the PFsense to route your LAN through the tunnel.
-
Uncheck "Force all client generated traffic through the tunnel.", enter "192.168.0.0/24" in the "IPv4 Local Network/s" field, re-check "Force all client generated traffic through the tunnel.", save.
-
I'd remove the other two push directives from your advanced config and add that IP to "DNS Servers" and "WINS Servers" in the GUI and let PFsense auto-generate those lines.
-
"My users is administrator" can be interpreted a couple ways, so I'll just say it… you have to explicitly run the client as administrator... i.e. right-click, "Run as administrator" or the client will not have permissions to add routes.
At this point, assuming you didn't manually add anything to the client side, you should be good to go.
After you've got it working, you should consider moving your LAN scope off the 192.168.0.0/24 network, it's too common and will cause you problems sooner or later.
-
-
Hello marvosa, I did everything you said and it did not work. Until 10 days ago it was running normally and nothing was updated.
What I noticed is that when the client connects to the OpenVPN it drops the connection and gets to drop the sails and Skype but not even drips on the 192.168.0.0/24 network.
Thanks for the help, if you can help me more I am grateful.
-
Reboot PFsense, then repost your server2.conf.
Sometimes after certain changes PFsense needs a reboot to get things working for some reason.
-
Thanks again marvosa, did not connect, I rebooted the pfSense as requested.
dev ovpns2
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 123.123.123.123
tls-server
server 172.16.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server2.php via-env
lport 1234
management /var/etc/openvpn/server2.sock unix
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.0.231"
push "dhcp-option NTP 192.168.0.231"
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
comp-lzo
Thanks
-
Ok, I would do 2 things:
-
Re-verify that your DNS server is indeed @ 192.168.0.231, has network connectivity and that the software firewall is off.
-
Verify that the machines on your LAN (including the DNS server) are using PFsense as the default gateway
-
-
marvosa, thanks for the help.
It works now: I just changed the IP to 172.16.1.0 and it began to ping that same second.
It seems that pfSense does not accept a second virtual IP in the same class.
Thanks for your help.
-
killing two birds with one stone?
Smart…
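-
The two checks this thread came down to (a server-side `route` for the local LAN, and a tunnel subnet that collides with one already in use), written as a small config check. This is an added example, not part of any post above and not pfSense's own code; `lint`, `lan` and `used_elsewhere` are hypothetical names, and the sample config is constructed from the directives posted in the thread.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related directives of the first server2.conf in the thread.
SAMPLE_CONF = """
server 172.16.0.0 255.255.255.0
#user nobody
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.231"
route 192.168.0.0 255.255.255.0
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(conf):
    """Collect the tunnel subnet, server-side routes, pushed routes and redirect-gateway."""
    cfg = {"tunnel": None, "routes": [], "pushed": [], "redirect": False}
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # strips '#' comments, keeps quoted args whole
        if len(tok) >= 3 and tok[0] == "server":
            cfg["tunnel"] = net(tok[1], tok[2])
        elif len(tok) >= 3 and tok[0] == "route":
            cfg["routes"].append(net(tok[1], tok[2]))
        elif len(tok) == 2 and tok[0] == "push":
            inner = tok[1].split()
            if inner[:1] == ["route"] and len(inner) >= 3:
                cfg["pushed"].append(net(inner[1], inner[2]))
            elif inner[:1] == ["redirect-gateway"]:
                cfg["redirect"] = True
    return cfg

def lint(conf, lan, used_elsewhere=()):
    """lan and used_elsewhere are supplied by the operator (hypothetical parameters)."""
    lan = ipaddress.ip_network(lan)
    cfg = parse(conf)
    findings = []
    for r in cfg["routes"]:
        if r.overlaps(lan):
            findings.append(f"local-route: 'route {r}' points the LAN into the tunnel")
    if not cfg["redirect"] and not any(lan.subnet_of(p) for p in cfg["pushed"]):
        findings.append(f"unreachable: {lan} is not pushed to clients")
    for other in [lan, *map(ipaddress.ip_network, used_elsewhere)]:
        if cfg["tunnel"] and cfg["tunnel"].overlaps(other):
            findings.append(f"overlap: tunnel {cfg['tunnel']} collides with {other}")
    return findings
```

Calling `lint(SAMPLE_CONF, "192.168.0.0/24")` reports only the `route` line; passing the subnets of other VPN instances or interfaces in `used_elsewhere` adds the overlap check.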