Netgate Discussion Forum

Cannot reach certain IPs on remote LAN across OpenVPN site-to-site connection

Problems Installing or Upgrading pfSense Software
4 Posts 3 Posters 957 Views
  • D Offline
    dmac
    last edited by Sep 7, 2016, 10:19 AM

    This is a strange one that I can't get my head around.
    We have a site-to-site OpenVPN set-up something like this:

    Site A: 192.168.0.0/24 (OpenVPN Server) ----> 10.0.0.9/24 (Tunnel Network) ----> Site B: 192.168.3.0/24 (OpenVPN Client)

    From Site B, I can reach the following IPs on Site A:

    • 192.168.0.1 - (pfSense box)

    • 192.168.0.3 - (server)

    However, I cannot reach 192.168.0.47 (which is a desktop machine on Site A) from Site B.
    When I'm positioned on Site A I can reach the same machine just fine.

    What could I possibly have in my set-up that allows me to reach certain IPs in Site A from Site B - but not all of them?

    • D Offline
      dmac
      last edited by Sep 7, 2016, 10:23 AM

      Some further information on this.

      Running a tracert from Site B to a reachable machine in Site A yields the following:

      $>tracert 192.168.0.1
      
      Tracing route to 192.168.0.1 over a maximum of 30 hops
      
        1    <1 ms    <1 ms    <1 ms  pfSense-jm.archway.local [192.168.3.1]
        2    71 ms    54 ms    62 ms  192.168.0.1
      

      Running tracert against the unreachable IP yields the following:

      $>tracert 192.168.0.47
      
      Tracing route to archway-pc05.archway.local [192.168.0.47]
      over a maximum of 30 hops:
      
        1    <1 ms    <1 ms    <1 ms  pfSense-jm.archway.local [192.168.3.1]
        2     *       64 ms    52 ms  10.0.9.1
        3     *        *        *     Request timed out.
        4     *        *        *     Request timed out.
        5     *        *        *     Request timed out.
        6     *        *        *     Request timed out.
      

      Note how it's heading out the Tunnel network. Would this be expected behavior?

      • M Offline
        MLIT
        last edited by Sep 7, 2016, 3:17 PM

        Packet Capture is your friend. Have you tried doing a packet capture on the LAN interface of the firewall on Site A as you try to do a traceroute to 192.168.0.47?

        Is .47 reachable from the firewall in the same site? You might double check your subnet mask on both devices to make sure they are /24 (255.255.255.0).

        Is the firewall on this particular workstation on? Can you turn it off and test again?

        • P Offline
          phil.davis
          last edited by Sep 9, 2016, 4:09 AM

          If the .47 device is a Windows client then it probably has its own firewall settings that respond to ping from the local subnet but not to remote pings from outside the subnet.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

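The two diagnoses above (MLIT's "check masks and capture on the Site A LAN" and phil.davis's "the Windows host firewall only answers its own subnet") can be turned into a small triage script. The code below is an added example written for this thread, not something any of the posters or pfSense ship. It parses the two tracert transcripts quoted earlier (re-typed here as constructed input), classifies where the probes stopped getting answers, and models a host firewall ICMP rule whose remote-address scope is "local subnet only". The tunnel network 10.0.9.0/24 is assumed from the 10.0.9.1 reply in the second trace; the /24 masks and the host addresses used in the firewall check are assumptions chosen to match the thread.

```python
import ipaddress
import re

# Constructed copies of the two tracert transcripts posted in the thread.
TRACERT_OK = """\
Tracing route to 192.168.0.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  pfSense-jm.archway.local [192.168.3.1]
  2    71 ms    54 ms    62 ms  192.168.0.1
"""

TRACERT_BAD = """\
Tracing route to archway-pc05.archway.local [192.168.0.47]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  pfSense-jm.archway.local [192.168.3.1]
  2     *       64 ms    52 ms  10.0.9.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
"""

# Assumed topology, taken from the thread: Site A LAN and the OpenVPN tunnel net
# (the tunnel prefix is inferred from the 10.0.9.1 hop, not stated by the poster).
SITE_A_LAN = ipaddress.ip_network("192.168.0.0/24")
TUNNEL_NET = ipaddress.ip_network("10.0.9.0/24")

IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
HOP_RE = re.compile(r"^(\d+)\s+(.*)$")


def parse_tracert(text):
    """Return (destination, hops) from Windows tracert output.

    hops is a list with one entry per hop line: the replying address, or None
    for a hop that only produced 'Request timed out.'"""
    dest = None
    hops = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Tracing route to"):
            m = IP_RE.search(stripped)
            if m:
                dest = ipaddress.ip_address(m.group(1))
            continue
        m = HOP_RE.match(stripped)
        if not m:
            continue
        # RTT columns ("<1 ms", "64 ms", "*") never look like an IPv4 address,
        # so the last dotted quad on the line is the responding hop.
        ips = IP_RE.findall(m.group(2))
        hops.append(ipaddress.ip_address(ips[-1]) if ips else None)
    return dest, hops


def classify_trace(text, remote_lan=SITE_A_LAN, tunnel_net=TUNNEL_NET):
    """Say where along the path the probes stopped being answered."""
    dest, hops = parse_tracert(text)
    if dest is None or not hops:
        return "unparsed"
    if hops[-1] == dest:
        return "reached"
    replied = [h for h in hops if h is not None]
    if not replied:
        return "no-replies"
    last = replied[-1]
    if last in tunnel_net or last in remote_lan:
        # Probes crossed the VPN and were answered by the far end, then nothing:
        # suspect the target host (host firewall, wrong mask) or its return route,
        # and confirm with a packet capture on the Site A LAN interface.
        return "dropped-after-tunnel"
    return "dropped-before-tunnel"


def local_subnet_scope_allows(src_ip, host_cidr):
    """Model a host firewall ICMP echo rule scoped to the host's own subnet:
    requests from inside the subnet are answered, requests arriving over the
    VPN from another subnet are silently dropped."""
    host_net = ipaddress.ip_interface(host_cidr).network
    return ipaddress.ip_address(src_ip) in host_net


if __name__ == "__main__":
    print("trace to .1  :", classify_trace(TRACERT_OK))
    print("trace to .47 :", classify_trace(TRACERT_BAD))
    # Same host, two ping sources: a Site A neighbour and a Site B machine (assumed addresses).
    for src in ("192.168.0.3", "192.168.3.10"):
        print(f"echo from {src:<13} answered by 192.168.0.47/24 ->",
              local_subnet_scope_allows(src, "192.168.0.47/24"))
```

The "dropped-after-tunnel" result for the .47 trace is exactly the pattern the thread describes: the Site A end of the tunnel answers, the workstation does not, while a Site A neighbour can ping it. The second check reproduces phil.davis's explanation without touching the host, and MLIT's suggestion is the way to confirm it: capture ICMP on the Site A LAN interface (pfSense offers this under Diagnostics > Packet Capture) and see whether echo requests to .47 arrive with no echo replies coming back.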
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.