Netgate Discussion Forum

    site to site cannot ping between LAN clients

    • ale992

      I've set up an OpenVPN site-to-site between my home and my parents' home following this guide: https://www.virtualtothecore.com/create-a-stretched-lan-between-your-site-and-vcloud-using-pfsense/

      The subnet in both sites is 192.168.10.0/24
      The LAN interface at my parents home (Site A) is 192.168.10.1 and at my home (Site B) is 192.168.10.200
      DHCP is enabled in both sites; the range is 192.168.10.100 - 192.168.10.149 in Site A and 192.168.10.150 - 192.168.10.199 in Site B. As in the guide, it is blocked by the firewall so it will not cross the bridge.

      I can ping between 192.168.10.1 and 192.168.10.200 and nothing else: pfSense at Site A cannot ping Site B LAN clients and pfSense at Site B cannot ping clients in the Site A LAN.
      After some tries I noticed that, after trying to ping from "Client A" (192.168.10.100) at Site A to "Client B" (192.168.10.151) at Site B, an entry for Client A was registered in the pfSense ARP table at Site B:
      [image]
      so there is some traffic passing the tunnel but

      Here is the server configuration at Site A
      [image]

      The config of the client at Site B
      [image]
      Firewall rules at Site A
      [images]

      Site B firewall
      [images]

      I'm quite new to this type of config with OpenVPN; I've only used a road warrior setup for my phone and nothing else.

      Seems to me like the bridge between the LAN and the VPN interface is not properly set up, but I can't see anything wrong here:
      Site A
      [image]
      Site B
      [image]

      • emammadov

        Hello,

        It will work if you disable the firewall or allow ping requests from other subnets in the firewall on the client machines.

        Elvin

        • ale992

          I'm using two Win10 clients for testing, aside from the pfSense boxes. I've already enabled the rules on both Windows firewalls and pings work in each site. Am I missing something in the pfSense configs? Why should I enable ping from other subnets? The purpose of this is to make all clients appear as if they are in the same LAN.

          • Rico

            I'd recommend you change one side's subnet and run OpenVPN in the default and recommended tun mode.

            -Rico
