Clients cannot talk to each other



  • Hi - I set up an OpenVPN server for 2 clients to be able to talk to each other (and, ideally, get the same broadcasts so that they can play together for gaming etc.).

    When the clients connect, both can ping their own machine and the server. But they cannot ping each other.

    I have attached screen shots from the server configuration.

    Client configurations were created with the export package and look like this:

    dev tap
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote <ip> 31195 udp
    verify-x509-name "pfSenseOpenVPNGamingServer" name
    auth-user-pass
    pkcs12 router-udp-31195-name.p12
    tls-auth router-udp-31195-name-tls.key 1
    remote-cert-tls server
    

    Routing on the clients looks ok as well… from "route print":

    
              0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     15
            10.0.11.0    255.255.255.0   Auf Verbindung         10.0.11.2    291
            10.0.11.2  255.255.255.255   Auf Verbindung         10.0.11.2    291
          10.0.11.255  255.255.255.255   Auf Verbindung         10.0.11.2    291
            127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
            127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
      127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
          192.168.1.0    255.255.255.0   Auf Verbindung       192.168.1.2    271
          192.168.1.2  255.255.255.255   Auf Verbindung       192.168.1.2    271
        192.168.1.255  255.255.255.255   Auf Verbindung       192.168.1.2    271
         192.168.56.0    255.255.255.0   Auf Verbindung      192.168.56.1    281
         192.168.56.1  255.255.255.255   Auf Verbindung      192.168.56.1    281
       192.168.56.255  255.255.255.255   Auf Verbindung      192.168.56.1    281
            224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
            224.0.0.0        240.0.0.0   Auf Verbindung      192.168.56.1    281
            224.0.0.0        240.0.0.0   Auf Verbindung       192.168.1.2    271
            224.0.0.0        240.0.0.0   Auf Verbindung         10.0.11.2    291
      255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
      255.255.255.255  255.255.255.255   Auf Verbindung      192.168.56.1    281
      255.255.255.255  255.255.255.255   Auf Verbindung       192.168.1.2    271
      255.255.255.255  255.255.255.255   Auf Verbindung         10.0.11.2    291
    

    Any hint what might be wrong?

    Thanks!







  • hi, what about your firewall rules?
    let us know which rules you have.



  • The interfaces WAN and OpenVPN both have the rules created by the OpenVPN wizard right at the top.

    WAN then has a number of port forwards (not 31195), but only after that OpenVPN rule.

    ![Firewall WAN.png](/public/imported_attachments/1/Firewall WAN.png)
    ![Firewall OpenVPN.png](/public/imported_attachments/1/Firewall OpenVPN.png)


  • And the OpenVPN Clients just need to talk to each other? Not a bridged interface on the server?



  • I just want the clients to be able to talk to each other, yes - so that they are in the same subnet with broadcasts etc. working. To enable "LAN gaming" mode as offered by some games.



  • Maybe a stupid question, but I'm not sure of this: Have you considered accessing the other client by its VPN IP?



  • 10.0.11.2 (first VPN client) can ping 10.0.11.1 (pfSense). 10.0.11.3 (2nd VPN client) can ping 10.0.11.3. 10.0.11.2 cannot ping 10.0.11.3 (or vice versa).



  • Ensure that the clients' system firewall doesn't block the access.
    Windows Firewall classifies such VPNs as untrusted, as there is no gateway set, and blocks access from them.

    To outfox this behavior, I push the default route to the client with a high metric, so the original default route is still preferred. However, the metric is applied to all routes pushed by the OpenVPN server, but that doesn't usually matter.

    In your case, since that only pertains to two clients, it would be better to try to set the VPN as a trusted network in Windows or open up the firewall to allow that access.



  • Windows Firewalls are disabled on both machines…

    With pushing a route, do you mean adding

    push "route 10.0.11.0 255.255.255.0"
    

    to "Custom options" in the "Advanced Configuration" part of the OpenVPN server configuration?



  • push "route-metric 512";push "route 0.0.0.0 0.0.0.0"
    


  • Thanks, works!
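
As an added example (not code from the thread, pfSense or OpenVPN), the check below parses `route print`-style IPv4 rows to list interfaces that have no default route, the condition the reply above ties to Windows treating the VPN as untrusted, and to confirm that the lowest-metric default route still belongs to the physical adapter after the push. The sample rows are constructed from the layout quoted in the thread; the pushed route's gateway `10.0.11.1` and metric `547` are assumptions.

```python
import ipaddress

# Constructed sample in the layout of the "route print" rows quoted in the thread
# ("Auf Verbindung" is the German-locale on-link marker).
BEFORE = """\
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     15
        10.0.11.0    255.255.255.0   Auf Verbindung         10.0.11.2    291
      192.168.1.0    255.255.255.0   Auf Verbindung       192.168.1.2    271
     192.168.56.0    255.255.255.0   Auf Verbindung      192.168.56.1    281
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
"""
# Assumed row once the pushed default route is installed on the TAP adapter
# (gateway 10.0.11.1 and metric 547 are illustrative, not taken from the thread).
AFTER = BEFORE + "          0.0.0.0          0.0.0.0        10.0.11.1        10.0.11.2    547\n"

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def parse_routes(text):
    """Parse IPv4 rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
            iface = ipaddress.ip_address(parts[-2])
            metric = int(parts[-1])
        except ValueError:
            continue  # header, separator or other non-route line
        # Everything between mask and interface is the gateway column; it may
        # be a localized multi-word on-link marker.
        routes.append((net, " ".join(parts[2:-2]), iface, metric))
    return routes


def interfaces_without_default(routes):
    """Non-loopback interfaces that carry routes but no 0.0.0.0/0 entry."""
    seen = {r[2] for r in routes if not r[2].is_loopback}
    with_default = {r[2] for r in routes if r[0] == DEFAULT}
    return [str(i) for i in sorted(seen - with_default)]


def preferred_default(routes):
    """Interface of the lowest-metric default route, or None if there is none."""
    defaults = [r for r in routes if r[0] == DEFAULT]
    return str(min(defaults, key=lambda r: r[3])[2]) if defaults else None
```

On the sample, `interfaces_without_default(parse_routes(BEFORE))` includes the TAP address `10.0.11.2`; with the assumed pushed route in `AFTER` it no longer does, while `preferred_default` still returns `192.168.1.2`.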

