Netgate Discussion Forum

    Clients cannot talk to each other

    11 Posts 4 Posters 1.6k Views
    • tempes2k

      Hi, what about your firewall rules?
      Let us know which rules you have.

      • highc

        The interfaces WAN and OpenVPN both have the rules created by the OpenVPN wizard right at the top.

        WAN then has a number of port forwards (not 31195), but only after that OpenVPN rule.

        ![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
        ![Firewall OpenVPN.png](/public/imported_attachments/1/Firewall OpenVPN.png)

        pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
        pfSense 2.6 on Super Micro 5018D-FN4T (retired)

        • Derelict LAYER 8 Netgate

          And the OpenVPN Clients just need to talk to each other? Not a bridged interface on the server?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • highc

            I just want the clients to be able to talk to each other, yes - so that they are in the same subnet with broadcasts etc. working. To enable "LAN gaming" mode as offered by some games.

            • viragomann

              Maybe a stupid question, but I'm not sure of this: Have you considered accessing the other client by its VPN IP?

              • highc

                10.0.11.2 (first VPN client) can ping 10.0.11.1 (pfSense). 10.0.11.3 (2nd VPN client) can ping 10.0.11.3. 10.0.11.2 cannot ping 10.0.11.3 (or vice versa).

                • viragomann

                  Ensure that the client's system firewall doesn't block the access.
                  Windows Firewall classifies such VPNs as untrusted, as there is no gateway set, and blocks access from it.

                  To outfox this behavior, I push the default route to the client with a high metric, so the original default route is still preferred. However, the metric is applied to all routes pushed by the OpenVPN server, but that usually doesn't matter.

                  In your case, since that only pertains to two clients, it would be better to try to set the VPN as a trusted network in Windows or open up the firewall to allow that access.

                  • highc

                    Windows Firewalls are disabled on both machines…

                    With pushing a route, do you mean adding

                    push "route 10.0.11.0 255.255.255.0"
                    

                    to "Custom options" in the "Advanced Configuration" part of the OpenVPN server configuration?

                    • viragomann

                      push "route-metric 512";push "route 0.0.0.0 0.0.0.0"
                      
                      • highc

                        Thanks, works!

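A check for the workaround that resolved this thread, added here as an example and not posted by any participant: it parses Windows `route print -4` output and confirms that the pushed default route exists but loses to the original default route on metric, so the VPN has a gateway without becoming a full tunnel. The sample output, the 192.168.1.x addresses, the function names and the assumption that clients see 10.0.11.1 as the VPN gateway are all constructed for illustration.

```python
import re

# Constructed sample of `route print -4` on a Windows client after the push
# directives were applied; every address outside 10.0.11.0/24 is an assumption.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0        10.0.11.1       10.0.11.2    537
        10.0.11.0    255.255.255.0         On-link        10.0.11.2    281
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
===========================================================================
"""

# Active-route rows have five columns; headers and persistent routes do not match.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$")

def default_routes(text):
    """Return (gateway, interface_ip, metric) for every 0.0.0.0/0 active route."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(1) == m.group(2) == "0.0.0.0":
            routes.append((m.group(3), m.group(4), int(m.group(5))))
    return routes

def check_vpn_default_route(text, vpn_gateway="10.0.11.1"):
    """Classify the client's routing state with respect to the pushed default route."""
    routes = default_routes(text)
    vpn = [r for r in routes if r[0] == vpn_gateway]
    other = [r for r in routes if r[0] != vpn_gateway]
    if not vpn:
        return "no-vpn-gateway"   # push not applied: the VPN adapter has no gateway
    if not other:
        return "vpn-only"         # no original default route: all traffic uses the VPN
    # A tie is reported as a failure: the original route must win outright.
    if min(r[2] for r in vpn) <= min(r[2] for r in other):
        return "vpn-preferred"    # pushed metric too low: VPN acts as a full tunnel
    return "ok"

if __name__ == "__main__":
    print(check_vpn_default_route(SAMPLE))
```
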
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.