Netgate Discussion Forum

    Can't ping internal Network

      viragomann

      @Chrismallia:

      I can ping the pfSense IP 192.168.1.1 but not the rest.

      Is pfSense the default gateway on the rest?

        Chrismallia

        Yes it is

          viragomann

          Also check if client firewalls are running and are blocking access from unknown networks.

            Chrismallia

            Thanks for your help. I just bumped into something: the only device that I can't ping is the server, which is Windows and has a static DHCP from pfSense of 192.168.1.2. It looks like the cause is that it has a static IP, but that will be a problem.

              Chrismallia

              The ping from Windows CMD:

              cmd.PNG

                Chrismallia

                OK, forget the IP thing. I tried to ping a phone (S6) and a laptop (Windows 10) and they did not ping; the only thing I can ping is the UniFi AP. So I turned off Windows Firewall on the server and laptop, and I can ping them now.

                  Chrismallia

                  Any ideas, anyone, what the problem might be? I never had to turn off firewalls to get to the internal network using OpenVPN.

                    viragomann

                    The Windows firewalls? As you've figured out yourself.

                    The hosts' firewalls block access from other subnets by default, as already mentioned. So set up the firewalls to allow access from the VPN tunnel subnet.

                    You may also add a SNAT rule to pfSense which translates the VPN client's source IP of packets destined to a LAN host to the LAN IP. That's what many other dummy routers do by default.

                      johnpoz LAYER 8 Global Moderator

                      What IP are you using for your remote clients? What network are you using for your tunnel?

                      What IP does your client have on its remote network?

                      Firewalls are going to block remote networks quite often, yes.. Windows out of the box is for sure not going to let you ping from a non-local network.

                      So you are on some remote network, let's say Starbucks, and you get an IP 192.168.10.14.. Your tunnel network on pfSense is say 10.0.8/24 and your local home network behind pfSense is 192.168.1.. When you connect, your remote client gets a 10.0.8.x IP; it talks down the tunnel to get to 192.168.1/24 etc..

                      Where you can have problems is if the Starbucks you're at hands you a 192.168.1.x IP – now does your client know to go down the tunnel to get to a 192.168.1 IP, or why should it - that is its local network. This is why 192.168.0 or .1 is normally a bad idea to use as a local network - this is too common and you could have problems when you're on a remote network and want to VPN to your network.

                      I would suggest you change your network to something less common. Use an uncommon tunnel network, make sure all your local devices' firewalls allow access from your tunnel network. And yes, all your local devices, if you want to be able to get to them remotely, would have to have internet access through pfSense.. i.e. they point to pfSense as their gateway.

                      Local software firewalls seem to be a killer for users.. Or they install some 3rd-party antivirus that is also running a firewall, etc.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11
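
The address-overlap problem described in the post above, as an added example that is not part of the original thread or any poster's own code: it checks whether a remote network collides with the home LAN or tunnel network and which way a packet would go. The /24 masks on the remote networks, the address 192.168.1.57 and the tie-break rule (a directly connected network beats an equally specific tunnel route) are assumptions; real clients break ties with OS-specific route metrics.

```python
import ipaddress

# Networks named in the thread; everything reached through the VPN.
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
TUNNEL = ipaddress.ip_network("10.0.8.0/24")
VPN_ROUTES = [HOME_LAN, TUNNEL]


def overlaps(remote_if, vpn_routes=VPN_ROUTES):
    """Return the VPN-side networks that collide with the client's local network.

    remote_if is the client's address on the remote network, e.g. "192.168.10.14/24".
    """
    remote = ipaddress.ip_network(remote_if, strict=False)
    return [str(n) for n in vpn_routes if n.overlaps(remote)]


def next_hop(dest, remote_if, vpn_routes=VPN_ROUTES):
    """Choose 'tunnel', 'local' or 'default' for dest by longest-prefix match.

    Simplified model (assumption): on equal prefix length the directly
    connected local network wins over the tunnel route.
    """
    addr = ipaddress.ip_address(dest)
    remote = ipaddress.ip_network(remote_if, strict=False)
    # Tuples sort by prefix length first, then by the tie-break flag.
    candidates = [(n.prefixlen, 0, "tunnel") for n in vpn_routes if addr in n]
    if addr in remote:
        candidates.append((remote.prefixlen, 1, "local"))
    if not candidates:
        return "default"
    return max(candidates)[2]


if __name__ == "__main__":
    server = "192.168.1.2"  # the Windows server from the thread
    # Constructed sample remote addresses: one harmless, one colliding.
    for remote_if in ("192.168.10.14/24", "192.168.1.57/24"):
        print(remote_if,
              "conflicts:", overlaps(remote_if) or "none",
              "->", server, "goes via", next_hop(server, remote_if))
```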

                        Chrismallia

                        Tunnel Network is 10.0.8.0/24

                        pfSense gateway 192.168.1.1/24

                        client gets 10.0.0.8.2

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.