Clients cannot talk to each other
-
Hi - I set up an OpenVPN server for 2 clients to be able to talk to each other (and, ideally, get the same broadcasts so that they can play together for gaming etc.).
When the clients connect, both can ping their own machine and the server. But they cannot ping each other.
I have attached screenshots from the server configuration.
Client configurations were created with the export package and look like this:

```
dev tap
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote <ip> 31195 udp
verify-x509-name "pfSenseOpenVPNGamingServer" name
auth-user-pass
pkcs12 router-udp-31195-name.p12
tls-auth router-udp-31195-name-tls.key 1
remote-cert-tls server
```
Routing on the clients looks ok as well… from "route print":
```
0.0.0.0          0.0.0.0          192.168.1.1     192.168.1.2   15
10.0.11.0        255.255.255.0    Auf Verbindung  10.0.11.2     291
10.0.11.2        255.255.255.255  Auf Verbindung  10.0.11.2     291
10.0.11.255      255.255.255.255  Auf Verbindung  10.0.11.2     291
127.0.0.0        255.0.0.0        Auf Verbindung  127.0.0.1     331
127.0.0.1        255.255.255.255  Auf Verbindung  127.0.0.1     331
127.255.255.255  255.255.255.255  Auf Verbindung  127.0.0.1     331
192.168.1.0      255.255.255.0    Auf Verbindung  192.168.1.2   271
192.168.1.2      255.255.255.255  Auf Verbindung  192.168.1.2   271
192.168.1.255    255.255.255.255  Auf Verbindung  192.168.1.2   271
192.168.56.0     255.255.255.0    Auf Verbindung  192.168.56.1  281
192.168.56.1     255.255.255.255  Auf Verbindung  192.168.56.1  281
192.168.56.255   255.255.255.255  Auf Verbindung  192.168.56.1  281
224.0.0.0        240.0.0.0        Auf Verbindung  127.0.0.1     331
224.0.0.0        240.0.0.0        Auf Verbindung  192.168.56.1  281
224.0.0.0        240.0.0.0        Auf Verbindung  192.168.1.2   271
224.0.0.0        240.0.0.0        Auf Verbindung  10.0.11.2     291
255.255.255.255  255.255.255.255  Auf Verbindung  127.0.0.1     331
255.255.255.255  255.255.255.255  Auf Verbindung  192.168.56.1  281
255.255.255.255  255.255.255.255  Auf Verbindung  192.168.1.2   271
255.255.255.255  255.255.255.255  Auf Verbindung  10.0.11.2     291
```
Any hint what might be wrong?
Thanks!
-
Hi, what about your firewall rules?
Let us know which rules you have.
-
The interfaces WAN and OpenVPN both have the rules created by the OpenVPN wizard right at the top.
WAN then has a number of port forwards (not 31195), but only after that OpenVPN rule.
![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
![Firewall OpenVPN.png](/public/imported_attachments/1/Firewall OpenVPN.png)
-
And the OpenVPN Clients just need to talk to each other? Not a bridged interface on the server?
-
I just want the clients to be able to talk to each other, yes - so that they are in the same subnet with broadcasts etc. working. To enable "LAN gaming" mode as offered by some games.
-
Maybe a stupid question, but I'm not sure of this: Have you considered accessing the other client by its VPN IP?
-
10.0.11.2 (first VPN client) can ping 10.0.11.1 (pfSense). 10.0.11.3 (2nd VPN client) can ping 10.0.11.3. 10.0.11.2 cannot ping 10.0.11.3 (or vice versa).
-
Ensure that the clients' system firewall doesn't block the access.
The Windows firewall classifies such VPNs as untrusted, as there is no gateway set, and blocks access from it. To outfox this behavior, I push the default route to the client with a high metric, so the original default route is still preferred. However, the metric is applied to all routes pushed by the OpenVPN server, but that doesn't matter usually.
In your case, since that only pertains to two clients, it would be better to try to set the VPN as a trusted network in Windows or open up the firewall to allow that access.
-
Windows Firewalls are disabled on both machines…
With pushing a route, do you mean adding
push "route 10.0.11.0 255.255.255.0"
to "Custom options" in the "Advanced Configuration" part of the OpenVPN server configuration?
-
push "route-metric 512";push "route 0.0.0.0 0.0.0.0"
-
Thanks, works!
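
A check for the route behaviour discussed in this thread, as an added example that is not part of the original posts: it parses `route print` rows (German "Auf Verbindung" or English "On-link") and reports whether the VPN interface has a default route and whether the original default route still has the lower metric. The function names and the `AFTER` row are constructed for illustration; the `BEFORE` rows are taken from the route table posted above.

```python
import ipaddress

# Localized spellings of "On-link" in `route print` (the thread's output is German).
ON_LINK = ("On-link", "Auf Verbindung")
# Rows copied from the route table posted in the thread (before the push).
BEFORE = """\
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 15
10.0.11.0 255.255.255.0 Auf Verbindung 10.0.11.2 291
192.168.1.0 255.255.255.0 Auf Verbindung 192.168.1.2 271
"""
# Constructed row: a pushed default route with a high metric (value is made up).
AFTER = BEFORE + "0.0.0.0 0.0.0.0 10.0.11.1 10.0.11.2 547\n"

def parse_route_print(text):
    """Parse IPv4 rows (destination, mask, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        for token in ON_LINK:
            line = line.replace(token, "on-link")  # make the gateway one field
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # header, separator or IPv6 row
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            ipaddress.ip_address(iface)
        except ValueError:
            continue
        routes.append({"net": net, "gateway": gateway, "iface": iface, "metric": int(metric)})
    return routes

def check_vpn(routes, vpn_subnet):
    """Classify the default-route state of the interface inside vpn_subnet."""
    subnet = ipaddress.ip_network(vpn_subnet)
    defaults = {}  # interface address -> lowest metric of its 0.0.0.0/0 route
    for r in routes:
        if r["net"].prefixlen == 0:
            defaults[r["iface"]] = min(r["metric"], defaults.get(r["iface"], r["metric"]))
    vpn = {i: m for i, m in defaults.items() if ipaddress.ip_address(i) in subnet}
    other = {i: m for i, m in defaults.items() if i not in vpn}
    if not vpn:
        return "no-gateway"     # the state shown in the thread's route table
    if other and min(vpn.values()) > min(other.values()):
        return "fallback-only"  # gateway present, original default route still wins
    return "vpn-preferred"      # non-local traffic would enter the tunnel

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, check_vpn(parse_route_print(sample), "10.0.11.0/24"))
```

A result of `vpn-preferred` after the push would mean the metric was not applied and the client's general traffic is being sent through the VPN server.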