1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Cannot ping new host from remote site

Cannot ping new host from remote site

  • K

    Hi Everyone,

    I have a working Site to Site VPN. I can ping all hosts on the remote side except a new host that was added. The problem is the remote pfsense box has an entry in the ARP table and can easily ping it.

    Its just I cannot ping it across the VPN and I have no idea why?

    All other hosts are pingable.

    ME ---- SITEA ------ SITEB ----> unpingable host

    0
  • Rico
    LAYER 8 Rebel Alliance

    Unpingable Host is using site B pfSense as gateway?
    Anything in the firewall logs?
    And check this host for any own local firewall blocking your requests, windows for example does this by default.

    -Rico

    0
  • K

    Yes unpingable host is using site B pfsense as gateway. Other hosts are also using site B as gateway and can be pinged by me from site A.

    All rules that block are set to log to the firewall. No entry is found for this host.

    Site B pfsense can ping the host. A similar host with same OS exists in site A as well and can be pinged from site B so cannot be issue with default firewall.

    0
  • Rico
    LAYER 8 Rebel Alliance

    traceroute?
    packet capture?

    -Rico

    0
  • K

    traceroute:

    Tracing route to [Unpingable Host] over a maximum of 30 hops

    1 1 ms 1 ms 1 ms [Site A]
    2 784 ms 859 ms 789 ms 10.10.8.2
    3 * * * Request timed out.

    For packet capture, it should be done on both sites?

    0
  • Rico
    LAYER 8 Rebel Alliance

    10.10.8.2 is the site B pfSense OpenVPN client?
    Please show the Firewall Rules site A and site B. You have the OpenVPN Interfaces assigned or not?
    Also give an idea of client site A IP and client site B IP.

    -Rico

    0 K 1 Reply
  • K

    @rico
    Yes 10.10.8.2 is site B client.
    Yes OpenVPN interfaces are assigned.

    Site A
    0_1549112816663_cbc369ee-f68b-47b3-b808-dced56f0498b-image.png
    Site B
    0_1549112727400_29fe059e-31eb-48f1-ad9e-9f579b794325-image.png

    Client Site A IP is 10.10.6.64 and Client Site B 10.10.5.202

    0
  • Rico
    LAYER 8 Rebel Alliance

    LAN rules?

    -Rico

    0
  • K

    Both LANs have pass all.

    0
  • Derelict
    LAYER 8 Netgate

    If you can exchange traffic with other hosts on that remote network and not THAT particular host, check for a firewall on THAT host. Check the gateway settings on THAT host. Packet capture on the interface THAT host is connected to for icmp traffic to THAT host IP address and try to ping it. Look at the capture. Are echo requests sent to THAT host captured? Are there replies? No? Check THAT host for the reason.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy