OpenVPN - Works just fine but client can't ping random host?



  • Hi, Team!

    pfSense has been one of the greatest products I've introduced to my network.
    My problem is slightly odd, my OpenVPN plugin is installed on pfSense and working, I can connect just fine from end-point clients.

    The client is able to reach the network and ping most host, however… two windows servers are unavailable. I can't traceroute/ping nor complete a nslookup on these two hosts.
    I've confirmed that the two windows servers are not blocking the traffic by disabling the firewalls/whitelisting traffic from OpenVPN.

    Has anyone seen something like this?

    
    C:\Users\Christian>tracert 192.168.20.5
    
    Tracing route to 192.168.20.5 over a maximum of 30 hops
    
      1    50 ms    49 ms    46 ms  10.8.0.1
      2    87 ms    50 ms    47 ms  192.168.20.5
    
    Trace complete.
    
    C:\Users\Christian>tracert 192.168.20.4
    
    Tracing route to 192.168.20.4 over a maximum of 30 hops
    
      1    46 ms    46 ms    46 ms  10.8.0.1
      2     *        *        *     Request timed out.
      3     *        *        *     Request timed out.
      4     *        *        *     Request timed out.
      5     *        *        *     Request timed out.
    
    


  • Maybe someone can give me some pointers on where to look next or where to search for logs that could help me?

    Thanks!


  • Rebel Alliance Global Moderator

    Do these window servers use a different gateway? Or not set at all?  So they don't know how to answer.

    Screams firewall on them to be sure.

    What I would do to validate traffic is leaving pfsense towards the servers is sniff on this interface, assume its your lan where 192.168.20 network is.  And then say ping the server from remote client.  Do you see pfsense send the ping in the sniff.  If not figure out why not..

    If is sending, and correct mac of the server - and your not seeing an answer then firewall on the server or for whatever other reason it does not want to answer.