No Pings beyond pfS Gateway
-
This is my first foray into VPN server setup. I have succeeded in getting an OpenVPN client to access my gateway server with response – Initialization Sequence Completed.
I can ping the pfSense gateway using its LAN address successfully from the client, but I cannot get ping responses for anything on the LAN beyond the gateway.
Client – OpenVPN 2.3.17-I001-i686 on Win-XP
Server – OpenVPN on pfSense 2.3.4 on apu2c4
Any clues on how to troubleshoot this would be most welcomed.
I have set a rule to pass ICMP.
-
Post a network map. Post your server1.conf.
-
Thanks for your attention marvosa. I’ve attached a sketch map and contents of server1.conf as requested:
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 180.181.41.xx
tls-server
server 192.168.20.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'xxxxxx.net' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DOMAIN localdomain"
push "dhcp-option DNS 180.181.127.4"
push "dhcp-option DNS 180.181.127.3"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float
topology subnet
-
Ensure that
- pfSense is the default gateway on the hosts behind.
- you have a firewall rule set on the OpenVPN interface which allows the access.
- the destination hosts' system firewalls do not block the access.
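
The first check in the reply above matters because a LAN host sends its ping reply to whatever next hop its own routing table selects for the client's tunnel address. The sketch below is an added example, not part of the thread: it reads the tunnel and LAN subnets from the posted server1.conf and tests constructed host routing tables. The pfSense LAN address 192.168.10.1, the second router 192.168.10.254 and the client address 192.168.20.2 are assumptions, and the static-route case goes beyond what the reply lists.

```python
import ipaddress
import re

# Constructed excerpt of the server1.conf posted above (only the lines used here).
SERVER_CONF = '''\
server 192.168.20.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
topology subnet
'''
PFSENSE_LAN_IP = "192.168.10.1"   # assumption: not stated in the thread
CLIENT_TUN_IP = "192.168.20.2"    # assumption: an address from the tunnel pool

def parse_conf(text):
    """Return (tunnel network, pushed LAN networks) from OpenVPN directives."""
    tunnel, pushed = None, []
    for line in text.splitlines():
        m = re.match(r'\s*server\s+(\S+)\s+(\S+)', line)
        if m:
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        m = re.match(r'\s*push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:
            pushed.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return tunnel, pushed

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway); gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else "unreachable"

def reply_via_pfsense(routes, client_ip=CLIENT_TUN_IP, gw=PFSENSE_LAN_IP):
    """True if this host's reply to the VPN client is handed to pfSense."""
    return next_hop(routes, client_ip) == gw

# Constructed routing tables for three LAN hosts.
HOST_OK = [("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.10.1")]
HOST_OTHER_GW = [("192.168.10.0/24", None), ("0.0.0.0/0", "192.168.10.254")]
HOST_STATIC = HOST_OTHER_GW + [("192.168.20.0/24", "192.168.10.1")]

if __name__ == "__main__":
    tunnel, pushed = parse_conf(SERVER_CONF)
    print("tunnel:", tunnel, "pushed:", pushed)
    for name, table in [("default gw = pfSense", HOST_OK),
                        ("default gw = other router", HOST_OTHER_GW),
                        ("other router + static route", HOST_STATIC)]:
        print(f"{name}: reply via pfSense = {reply_via_pfsense(table)}")
```

A host whose reply goes to a different router receives the echo request but the answer never returns through the tunnel, which matches the symptom of pings working to the gateway only.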