Clients cannot talk to each other
-
Hi, what about your firewall rules?
Let us know which rules you have.
-
The interfaces WAN and OpenVPN both have the rules created by the OpenVPN wizard right at the top.
WAN then has a number of port forwards (not 31195), but only after that OpenVPN rule.
![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
![Firewall OpenVPN.png](/public/imported_attachments/1/Firewall OpenVPN.png)
-
And the OpenVPN Clients just need to talk to each other? Not a bridged interface on the server?
-
I just want the clients to be able to talk to each other, yes - so that they are in the same subnet with broadcasts etc. working. To enable "LAN gaming" mode as offered by some games.
-
Maybe a stupid question, but I'm not sure of this: Have you considered accessing the other client by its VPN IP?
-
10.0.11.2 (first VPN client) can ping 10.0.11.1 (pfSense). 10.0.11.3 (2nd VPN client) can ping 10.0.11.3. 10.0.11.2 cannot ping 10.0.11.3 (or vice versa).
-
Ensure that the clients' system firewall doesn't block the access.
The Windows firewall classifies such VPNs as untrusted, as there is no gateway set, and blocks access from them. To outfox this behavior, I push the default route to the client with a high metric, so the original default route is still preferred. However, the metric is applied to all routes pushed by the OpenVPN server, but that doesn't usually matter.
In your case, since that only pertains to two clients, it would be better to try to set the VPN as a trusted network in Windows or open up the firewall to allow that access.
-
Windows Firewalls are disabled on both machines…
With pushing a route, do you mean adding
push "route 10.0.11.0 255.255.255.0"
to "Custom options" in the "Advanced Configuration" part of the OpenVPN server configuration?
-
push "route-metric 512";push "route 0.0.0.0 0.0.0.0"
-
Thanks, works!
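-
Added example, not part of the original thread: the alternative mentioned above (opening the Windows firewall for the VPN instead of pushing a default route), done as a rule scoped to the tunnel subnet so the firewall can stay enabled. The adapter alias and rule name are assumptions; `10.0.11.0/24` and `10.0.11.3` are the addresses used in the thread.

```powershell
# Run in an elevated PowerShell session on each VPN client.
# Assumptions (not from the thread): adapter alias and rule name are placeholders.
$vpnAlias  = 'OpenVPN TAP-Windows6'        # hypothetical; list yours with Get-NetAdapter
$vpnSubnet = '10.0.11.0/24'                # tunnel network used in the thread
$ruleName  = 'VPN peers inbound (example)' # hypothetical rule name

# 1. How did Windows classify the tunnel? An adapter without a gateway usually
#    appears as an unidentified network in the Public category.
Get-NetConnectionProfile -InterfaceAlias $vpnAlias |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

# 2. Is the firewall active for each category, and what is its inbound default?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction

# 3. Allow inbound traffic only from the tunnel subnet and only on the VPN
#    adapter. Nothing changes for the LAN or Internet-facing interfaces.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -InterfaceAlias $vpnAlias `
        -RemoteAddress $vpnSubnet `
        -Profile Any
}

# 4. Confirm the rule is scoped as intended.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress

# 5. From the other client, test reachability of this peer (ICMP echo).
Test-NetConnection -ComputerName 10.0.11.3

# To undo the change later:
# Remove-NetFirewallRule -DisplayName $ruleName
```

The rule has to exist on the client that receives the traffic, so for peer-to-peer use it is applied on both machines.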