Can ping one way but not the other
-
Hello, I am having issues with IP communication between two interfaces in a bridge. I have followed this guide right here to set up the bridge: https://www.youtube.com/watch?v=EFo3CemZxbg. Right now I have a LAN interface doing VLAN 20 tagging, bridged with an OpenVPN interface to allow layer 2 TAP communication. The LAN interface has the IP address 192.168.20.1/24. DHCP is configured correctly, and all devices on the LAN as well as the OpenVPN are getting IPs from the DHCP server. From inside the LAN all devices can communicate with each other and they can ping the gateway. However, from the client connected to OpenVPN I can ping the gateway, but I cannot ping any other device on the LAN. And from the pfSense I cannot ping the OpenVPN client. I am stumped and cannot figure out why this is not working.
-
Did you add any access rules to the OpenVPN interface under Firewall - Rules? Only LAN gets a default access rule.
-
I did add the access rule to allow all on both the VPN interface and the BRIDGE interface. But shouldn't that be irrelevant if the source IP is coming from an IP in the same subnet?
-
In your case, I don't know. I've never tried to bridge a LAN to a VPN and get them all to talk properly. The firewall rules for extra interfaces are a common gotcha that I wanted to let you know about.
-
@KOM:
In your case, I don't know. I've never tried to bridge a LAN to a VPN and get them all to talk properly. The firewall rules for extra interfaces are a common gotcha that I wanted to let you know about.
Understood, and thank you. Yeah, I've got the firewall rules covered and I am still stumped. I am trying to think from a networking perspective, but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other.
-
"but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other."
You sure it's pinging the correct thing.. Could be the wrong MAC.. And sure have seen this quite often with firewalls on hosts. Or in a bridge, if you're filtering on members of the bridge, it could be allowed in one direction but not the other.. etc. etc..
There are many reasons why this could happen. If you were on an actual L2, the first thing to do is validate your devices are ARPing the correct MAC, etc.
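To illustrate the last point (checking that each side of the bridge has resolved the other's correct MAC before blaming firewall rules), here is an added example that is not from the thread or from pfSense. It assumes the two endpoints are Linux hosts whose `ip neigh show` output was captured (pfSense itself is FreeBSD and its `arp -an` format would need a different parser); the captures, host labels and MAC addresses below are constructed sample data. It flags the two ARP-level causes of a one-way ping on a bridged segment: an entry that never resolves (the ARP request is not being answered across the bridge) and an IP that resolves to different MACs on different hosts.

```python
"""Compare neighbour (ARP) tables captured on two hosts to explain a one-way ping.

Added example, not from the forum thread. Input lines follow the format of
Linux `ip neigh show`; the captures here are constructed sample data.
"""
import re
from collections import defaultdict

# Constructed capture from a LAN host (192.168.20.10) on the VLAN 20 interface.
# The VPN client's address never resolved: its ARP request got no reply.
LAN_HOST_NEIGH = """\
192.168.20.1 dev eth0.20 lladdr 00:11:22:33:44:01 REACHABLE
192.168.20.50 dev eth0.20 FAILED
"""

# Constructed capture from the OpenVPN TAP client (192.168.20.50).
# It resolves the gateway to a different MAC than the LAN host does.
VPN_CLIENT_NEIGH = """\
192.168.20.1 dev tap0 lladdr 00:11:22:33:44:02 REACHABLE
192.168.20.10 dev tap0 lladdr 00:11:22:33:44:10 STALE
"""

SAMPLE_CAPTURES = {"lan-host": LAN_HOST_NEIGH, "vpn-client": VPN_CLIENT_NEIGH}

# One `ip neigh show` line: "<ip> dev <if> [lladdr <mac>] [router] <STATE>"
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)"
    r"(?:\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]+))?"
    r"(?:\s+router)?\s+(?P<state>[A-Z]+)$"
)

# Neighbour states that mean no usable MAC is known for the address.
UNRESOLVED = {"FAILED", "INCOMPLETE"}


def parse_neigh(text):
    """Return {ip: (mac or None, state)} from `ip neigh show` style output."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = NEIGH_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised neighbour line: {line!r}")
        mac = m["mac"].lower() if m["mac"] else None
        entries[m["ip"]] = (mac, m["state"])
    return entries


def diagnose(captures):
    """captures: {host_label: neigh_text}. Return a list of finding strings.

    Two checks: (1) addresses a host could not resolve at all, and (2) addresses
    that resolve to different MACs on different hosts.
    """
    findings = []
    macs_seen = defaultdict(dict)  # ip -> {host_label: mac}
    for host, text in captures.items():
        for ip, (mac, state) in parse_neigh(text).items():
            if mac is None or state in UNRESOLVED:
                findings.append(
                    f"{host}: {ip} unresolved ({state}); its ARP request is not "
                    f"being answered on this segment, so traffic cannot even leave"
                )
            else:
                macs_seen[ip][host] = mac
    for ip, by_host in macs_seen.items():
        if len(set(by_host.values())) > 1:
            detail = ", ".join(f"{h}={m}" for h, m in sorted(by_host.items()))
            findings.append(
                f"{ip}: different MACs on different hosts ({detail}); "
                f"one side is talking to the wrong or a duplicate address"
            )
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CAPTURES) or ["no ARP-level problem found"]:
        print(finding)
```

If both tables come back clean (every peer resolved, and the same MAC for each IP everywhere), ARP is not the problem and the next suspects are host firewalls and per-member filtering on the bridge, as the reply above says; if an entry stays FAILED or INCOMPLETE on one side only, the ARP reply is being dropped in that direction, which matches a ping that works one way but not the other.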