Can connect with Tunnelblick but can't ping…



  • Hi all,

    last week I replaced our office router, which was based on wrapcop (IPCop ported to WRAP), with pfSense. I'm fine with pfSense; I thought about the migration for a long time and have read a lot about it…

    But there are two unsolved things: I don't know how to create a firewall rule to send all port 80 traffic, except the traffic from the proxy, to port 3128 on the proxy host...

    But the one bugging me much more is that I can't get OpenVPN to work. I can connect to the VPN but I can't ping...

    Here is the config:

    office.ovpn

    #OpenVPN Server conf
    tls-client
    client
    pull
    dev tun
    proto udp
    tun-mtu 1400
    tun-mtu-extra 32
    remote xxx.de 1194
    ca ca.crt
    cert macbook-pro.crt
    key macbook-pro.key
    cipher AES-128-CBC
    comp-lzo
    verb 4
    ns-cert-type server
    

    openvpn_server0.conf

    writepid /var/run/openvpn_server0.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher AES-128-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    client-to-client
    server 10.0.115.0 255.255.255.248
    client-config-dir /var/etc/openvpn_csc
    lport 1194
    ca /var/etc/openvpn_server0.ca
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    comp-lzo
    persist-remote-ip
    float
    

    I'm using Tunnelblick 3.0b9 on a MacBook Pro running 10.5.5:
    Darwin macbook-pro.bad-nauheim.xxx.de 9.5.0 Darwin Kernel Version 9.5.0: Wed Sep  3 11:29:43 PDT 2008; root:xnu-1228.7.58~1/RELEASE_I386 i386 i386

    I hope you can give me a hint on how to get it to work! I'll make another attempt when I'm back home, and will then post the logs of that attempt here…

    Greetz
    Mircsicz



  • Answering myself:

    If you don't set a LAN rule as described in the following thread, it won't work:

    http://forum.pfsense.org/index.php/topic,7840.0.html

    After adding the LAN rule all is fine… I added only the WAN rule, which was one too few!!

    Greetz
    Mircsicz

