OpenVPN clients can't ping
-
You're presumably missing the route.
Are you able to ping a device in the remote LAN, when you set the ping source to OpenVPN?
If so, check on the remote site (site B) if there is the "Remote Networks" box filled in correctly. You have to enter the site A LAN network(s) there. -
Sort of. I can ping the pfsense address for the lan IE 10.1.1.1 from the other pfsense box but can't ping clients on the other network. For the remote networks box, I have the opposites filled in. Also in the route table I see the CIDRs pointing to the tunnel...
10.1.1.0/24
Remote Networks: 10.1.2.0/2410.1.2.0/24
Remote Networks: 10.1.1.0/24 -
Are both pfSense boxes the default gateways in their respective LAN?
-
@viragomann Yes
-
I assume you have firewall rule in place to allow access. But whats about the clients firewall? Maybe it blocks access from outside its own subnet, which is mostly the default settings.
-
This post is deleted! -
@viragomann Yep, they are set to allow all.
-
Can you ping the far side LAN interface address? If you can and you can't ping hosts on the LAN it is because there is a firewall on the target host itself. Think Windows Firewall.
-
This post is deleted! -
@Derelict Only from pfsense. Not from any clients. The routes show up in the pfsense route table with the gateway as the tunnel link address. Could it be an issue that the default destination is at the top of the entire list? Another interesting thing is that a trace route command to the other side of the tunnel gets only as far as the local gateway on the side you are trace routing from.
