Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What do I need to be able to ping vpn client from the lan side of vpn server?

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      timmiet
      last edited by

      So I have pfsense server 2.3.2-RELEASE-p1    192.168.11.1
      it has openvpn server 10.8.0.0/24
      clients can connect to server and they can ping lan side 192.168.11.0/24
      but I can't ping the vpn clients from the lan side.  From 192.168.11.127 I can't ping 10.8.0.2
      From pfsense diag I can ping 10.8.0.2

      I feel like I would just need to add a route  from lan to openvpn, but I really don't know.
      thanks for the help.

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        Make sure policy routing on LAN isn't sending those connection attempts out a WAN instead. Might need to bypass it for that destination.

        https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

        Make sure the target host VPN stack/firewall/etc will actually allow the incoming traffic from that subnet.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • T Offline
          timmiet
          last edited by

          I feel silly but it was windows firewall.

          Openvpn is detected as public network // unidentified network.
          I don't have a default gateway set in openvpn. I think that is why.

          how do I set one that does not route all traffic, but is set so it can be a private network.
          Thanks for the quick reply.

          1 Reply Last reply Reply Quote 0
          • T Offline
            timmiet
            last edited by

            I made a firewall rule to allow 10.8.0.0/24 in windows firewall.
            That works, but it would be better If I could get it to show private, and not have all traffic go through the vpn.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.