Netgate Discussion Forum

    Can't ping internal Network

    OpenVPN

      Chrismallia

      I set up OpenVPN using the wizard and it works fine; the only problem is I cannot get to internal devices and ping them. I can ping the pfSense IP 192.168.1.1 but not the rest. Here are the rules:
      1.PNG
      2.PNG

        viragomann

        @Chrismallia:

        I can ping the pfSense IP 192.168.1.1 but not the rest.

        Is pfSense the default gateway on the rest?

          Chrismallia

          Yes it is

            viragomann

            Also check if client firewalls are running and are blocking access from unknown networks.

              Chrismallia

              Thanks for your help. I just bumped into something: the only device that I can't ping is the server, which is Windows and has a static DHCP from pfSense of 192.168.1.2. Looks like the cause is that it has a static IP, but that will be a problem.

                Chrismallia

                The ping from Windows CMD:

                cmd.PNG

                  Chrismallia

                  OK, forget the IP thing. I tried to ping a phone (S6) and a Windows 10 laptop and they did not ping; the only thing I can ping is the UniFi AP. So I turned off Windows Firewall on the server and laptop, and I can ping them now.

                    Chrismallia

                    Any ideas, anyone, what the problem might be? I never had to turn off firewalls to get to the internal network using OpenVPN.

                      viragomann

                      The Windows firewalls? As you've figured out yourself.

                      The hosts' firewalls block access from other subnets by default, as already mentioned. So set up the firewalls to allow access from the VPN tunnel subnet.

                      You may also add a SNAT rule to pfSense which translates the VPN clients' source IP of packets destined to a LAN host to the LAN IP. That's what many other dummy routers do by default.

                      1 Reply Last reply Reply Quote 0
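
Scoping the Windows host firewall to the tunnel subnet instead of turning it off, as an added example that is not part of the original posts. It assumes the 10.0.8.0/24 tunnel network stated in this thread; the function name and rule display name are made up for illustration.

```powershell
# Added example: allow ping (ICMPv4 echo request) only from the OpenVPN
# tunnel subnet while Windows Firewall stays enabled.
# Run in an elevated PowerShell session on the LAN host.
# Add-VpnPingRule and the rule display name are hypothetical names.
function Add-VpnPingRule {
    param(
        [string]$TunnelSubnet = '10.0.8.0/24',   # tunnel network from this thread
        [string]$RuleName     = 'Allow ICMPv4 echo from OpenVPN tunnel'
    )

    # Idempotent: do not stack duplicate rules on repeated runs.
    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Output "Rule '$RuleName' already exists; leaving it unchanged."
        return
    }

    # Inbound echo request (ICMP type 8), accepted only when the source
    # address is inside the tunnel subnet.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $TunnelSubnet `
        -Profile Any | Out-Null

    # Show the address scope that was actually applied.
    Get-NetFirewallRule -DisplayName $RuleName |
        Get-NetFirewallAddressFilter |
        Select-Object RemoteAddress, LocalAddress
}

# The firewall should remain enabled on every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled
Add-VpnPingRule
```

Other services the VPN clients need on the host (file sharing, remote desktop) need inbound rules whose remote address scope covers the tunnel subnet as well.
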
                        johnpoz LAYER 8 Global Moderator

                        What IP are you using for your remote clients, what network are you using for your tunnel?

                        What IP does your client have on its remote network?

                        Firewalls are going to block remote networks quite often, yes. Windows out of the box is for sure not going to let you ping from a non-local network.

                        So you are on some remote network, let's say Starbucks, and you get an IP 192.168.10.14. Your tunnel network on pfSense is say 10.0.8/24 and your local home network behind pfSense is 192.168.1. When you connect, your remote client gets a 10.0.8.x IP and it talks down the tunnel to get to 192.168.1/24, etc.

                        Where you can have problems is if the Starbucks you're at hands you a 192.168.1.x IP. Now does your client know to go down the tunnel to get to a 192.168.1 IP, or why should it? That is its local network. This is why 192.168.0 or .1 is normally a bad idea to use as a local network: this is too common and you could have problems when you're on a remote network and want to VPN to your network.

                        I would suggest you change your network to something less common. Use an uncommon tunnel network, and make sure all your local devices' firewalls allow for access from your tunnel network. And yes, all your local devices, if you want to be able to get to them remotely, would have to have internet access through pfSense, i.e. they point to pfSense as their gateway.

                        Local software firewalls seem to be a killer for users. Or they install some 3rd-party antivirus that is also running a firewall, etc.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                          Chrismallia

                          Tunnel Network is 10.0.8.0/24

                          pfSense gateway 192.168.1.1/24

                          client gets 10.0.0.8.2
