Open VPN: can't ping local LAN host when connected
- 
 Hi Netgate Community! 
 I have a Netgate SG-5100. I installed Open VPN and exported the Client Package to a Windows 10 laptop for remote access into the Local LAN.
 When testing.. I get the Open VPN "Connected" but then I can't ping the local LAN computer. I can't RDP either.
 The Server tunnel Subnet: 176.16.0.0/24
 The Client Tunnel Subnet: 172.17.0.0/24
 However.. on the OpenVPN .. the Client IP is 172.16.0.2... shouldn't it be "172.17.0.2"... I'm confused about this. Shouldn't I be able to ping the local LAN? I have added the Local LAN in the Client settings.
 Please help. I have owners in Italy trying to get access to their host in the USA.
 Thank you.
 Jen Fernandez
 910 885 4120
- 
 @jen_fernandez said in Open VPN: can't ping local LAN host when connected:
 The Server tunnel Subnet: 176.16.0.0/24
 The Client Tunnel Subnet: 172.17.0.0/24
 Where have you stated the Client tunnel subnet?
 There is no need for that.
 In the OpenVPN server settings add the local network into the "Local Network/s" box.
- 
 Thanks viragomann. 
 I was told by Netgate support that the Client and Server tunnel subnet needed to be different... so I will test your option. I will remove the client subnet and will add the local LAN under Server settings.
 I can't try until later tonight when I am near the device and can connect to LAN port.
 Much appreciated... will test at 6:30pm Eastern time.
 Thanks
 Jen
- 
 Hi Viragomann! 
 I removed the client tunnel subnet (172.17.0.0/24) in the settings.
 I ensured that the IPv4 Local network on the server settings had 192.168.1.0/24..
 but I still can't ping the 192.168.1.0
 Where is this GW exactly? If I am giving out DHCP Addresses from LAN port.. does this LAN port have two IP addresses.. one as 172.16.0.1 and 192.168.1.0? In the System Wizard.. I set up the LAN interface as 192.168.1.1... is this a conflict?
- 
 To Anyone - I still need help!
 I have the Server Tunnel: 172.16.0.0/24
 I have the Local LAN (configured on the Server) 192.168.1.0/24
 I tried pinging the default GW of both of these subnets when the LAN port is connected to my laptop.. all good.
 Then I tried pinging the 192.168.1.1 GW from the local LAN host: 192.168.1.52 - success.
 I connected with Open VPN and received a Client IP of 172.16.0.2
 I could successfully ping both 172.16.0.1 and 192.168.1.1 from CMD prompt of external client computer when VPN is connected.
 However, I can't ping the local LAN host of 192.168.1.52 from the external client when Open VPN is connected.. this failed.. Times out.
 Do you see an obvious red flag?
- 
 To Anyone: 
 I saw that the client was on Device Mode: Layer 2 Tap Mode.
 I changed this to Tunnel Mode; Layer 3.
 So, every time I make a change.. I download the client export package (with new configs) and then disconnect Open VPN.. then re-install the Open VPN client package again. Is this correct? Just checking.
- 
 To : Anyone 
 I tried to add the new Client Export package and noticed that the configs kept with TAP mode - for client side.. so it didn't take the change of tunnel mode.
 How do I change settings on Open VPN client?
- 
 I have removed the OpenVPN in Windows 10 Programs and Features (uninstall).. then re-installed the client package and it still wanted TAP mode.. failed
- 
 I think I have chosen the incorrect type of Open VPN.
 I have tried Remote Access Server VPN and Peer-to-Peer SSL/TLS VPN
 All I want to do is set up a simple client VPN.. for external clients to have access to the internal network - which type of VPN is best for this?
- 
 Use an OpenVPN access server in tun mode and don't care about the client's mode. Ensure that the pfSense is the default gateway in the LAN 192.168.1.0/24 and that it doesn't overlap with the client's LAN.
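
 The overlap advice in the post above can be checked mechanically. The following Python sketch is an added example, not part of the thread and not pfSense or OpenVPN code; the function name, the plan labels and the client-side LAN values are constructed for illustration, while the tunnel, LAN and client addresses are the ones quoted in the posts.

```python
import ipaddress
from itertools import combinations


def check_plan(tunnel, server_lan, client_lan, client_vpn_ip):
    """Return a list of problems in a remote-access VPN address plan."""
    nets = {
        "tunnel network": ipaddress.ip_network(tunnel),
        "server-side LAN": ipaddress.ip_network(server_lan),
        "client-side LAN": ipaddress.ip_network(client_lan),
    }
    problems = []
    # Tunnel and LAN ranges should come from private address space, otherwise
    # they shadow real Internet hosts once routes are pushed to the client.
    for name, net in nets.items():
        if not net.is_private:
            problems.append(f"{name} {net} is not private address space")
    # The address handed to the client must fall inside the tunnel network.
    vpn_ip = ipaddress.ip_address(client_vpn_ip)
    if vpn_ip not in nets["tunnel network"]:
        problems.append(
            f"client VPN address {vpn_ip} is outside tunnel network "
            f"{nets['tunnel network']}"
        )
    # Any overlap makes the client prefer its directly connected network,
    # so traffic for the remote LAN never enters the tunnel.
    for (a_name, a), (b_name, b) in combinations(nets.items(), 2):
        if a.overlaps(b):
            problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    return problems


# Constructed plans: (tunnel, server LAN, client's own LAN, client VPN address).
PLANS = {
    "first post": ("176.16.0.0/24", "192.168.1.0/24", "192.168.50.0/24", "172.16.0.2"),
    "later posts": ("172.16.0.0/24", "192.168.1.0/24", "192.168.50.0/24", "172.16.0.2"),
    "client on same range": ("172.16.0.0/24", "192.168.1.0/24", "192.168.1.0/24", "172.16.0.2"),
}

if __name__ == "__main__":
    for label, plan in PLANS.items():
        issues = check_plan(*plan)
        print(label, "->", issues or "no addressing problems")
```

 A clean result only rules out addressing conflicts; the default-gateway condition from the same post and the firewall on the target host still have to be checked separately.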
- 
 https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html 
 https://www.netgate.com/resources/videos/remote-access-vpns-on-pfsense.html
 https://www.netgate.com/resources/videos/remote-access-vpns-on-pfsense-part-2.html
 -Rico
- 
 Thanks Rico. I already had and used the first set of instructions. 
 I'm watching the first video now.
