Netgate Discussion Forum

    Can ping one way but not the other

    General pfSense Questions
    • brunovic

      Hello, I am having issues with IP communication between two interfaces in a bridge. I have followed this guide right here to set up the bridge: https://www.youtube.com/watch?v=EFo3CemZxbg. Right now I have a LAN interface doing VLAN 20 tagging bridged with an OpenVPN interface to allow layer 2 TAP communication. The LAN interface has the IP address 192.168.20.1/24. DHCP is configured correctly and all devices on the LAN as well as the OpenVPN are getting IPs from the DHCP server. From inside the LAN all devices can communicate with each other and they can ping the gateway. However, from the client connected to OpenVPN I can ping the gateway but I cannot ping any other device on the LAN. And from the pfSense I cannot ping the OpenVPN client. I am stumped and cannot figure out why this is not working.

      • KOM

        Did you add any access rules to the OpenVPN interface under Firewall - Rules?  Only LAN gets a default access rule.

        • brunovic

          I did add the access rule to allow all on both the VPN interface and the BRIDGE interface. But shouldn't that be irrelevant if the source IP is coming from an IP in the same subnet?

          • KOM

            In your case, I don't know.  I've never tried to bridge a LAN to a VPN and get them all to talk properly.  The firewall rules for extra interfaces is a common gotcha that I wanted to let you know about.

            • brunovic

              @KOM:

              In your case, I don't know.  I've never tried to bridge a LAN to a VPN and get them all to talk properly.  The firewall rules for extra interfaces is a common gotcha that I wanted to let you know about.

              Understood and thank you. Yeah, I got the firewall rules covered and I am still stumped. I am trying to think from a networking perspective but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other.

              • johnpoz LAYER 8 Global Moderator

                "but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other."

                You sure it's pinging the correct thing.. Could be wrong MAC.. And sure have seen this quite often with firewalls on hosts.  Or in a bridge if you're filtering on members of the bridge it could be allowed in one direction or not the other.. etc. etc..

                There are many reasons why this could happen.  If you were on an actual L2, first thing to do is validate your devices are arping the correct MAC, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11
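
The ARP validation suggested in the last reply, sketched as an added example that is not part of the thread or written by any of its posters: it parses `arp -an` output collected on each host (FreeBSD/pfSense and Linux layouts) and compares it with the MAC read off each device's own interface. Every MAC, the interface names and all addresses other than 192.168.20.1 are constructed sample values.

```python
import re

# One entry of `arp -an` output; covers the FreeBSD/pfSense and Linux layouts.
ARP_ENTRY = re.compile(r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>\S+)")
MAC = re.compile(r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}")

def norm(mac):
    """Lower-case and zero-pad each octet so differently printed MACs compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return {ip: mac}, with None for incomplete entries (request sent, no reply)."""
    table = {}
    for m in ARP_ENTRY.finditer(text):
        mac = m["mac"].lower()
        table[m["ip"]] = norm(mac) if MAC.fullmatch(mac) else None
    return table

def check(observer, arp_text, expected):
    """Compare one host's ARP cache with the MAC read off each device's own NIC."""
    table = parse_arp(arp_text)
    findings = []
    for ip, real_mac in expected.items():
        if ip not in table:
            status = "not-cached"            # never resolved, or entry aged out
        elif table[ip] is None:
            status = "no-reply"              # ARP request left, nothing came back
        elif table[ip] != norm(real_mac):
            status = "wrong-mac " + table[ip]
        else:
            status = "ok"
        findings.append((observer, ip, status))
    return findings

# Constructed sample data; only 192.168.20.1 comes from the thread.
EXPECTED = {"192.168.20.1": "02:00:00:00:00:01",    # pfSense LAN/bridge address
            "192.168.20.50": "02:00:00:00:00:50",   # a LAN host
            "192.168.20.100": "02:00:00:00:01:00"}  # OpenVPN client TAP adapter
PFSENSE_ARP = """\
? (192.168.20.1) at 02:00:00:00:00:01 on igb1.20 permanent [vlan]
? (192.168.20.50) at 02:00:00:00:00:50 on igb1.20 expires in 1187 seconds [vlan]
? (192.168.20.100) at (incomplete) on igb1.20 expired [vlan]
"""
VPN_CLIENT_ARP = """\
? (192.168.20.1) at 02:00:00:00:00:01 [ether] on tap0
? (192.168.20.50) at 02:00:00:00:00:99 [ether] on tap0
"""

if __name__ == "__main__":
    for row in check("pfSense", PFSENSE_ARP, EXPECTED) + check("vpn-client", VPN_CLIENT_ARP, EXPECTED):
        print(*row)
```

A `no-reply` row means ARP itself is failing in that direction, so the problem sits at layer 2 (bridge membership or filtering on bridge members) rather than in ICMP rules; a `wrong-mac` row means some other device is answering for that address.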
