Open VPN: can't ping local LAN host when connected



  • Hi Netgate Community!
    I have a Netgate SG-5100. I installed Open VPN and exported the Client Package to a Windows 10 laptop for remote access into the Local LAN.
    When testing.. I get the Open VPN "Connected" but then I can't ping the local LAN computer. I can't RDP either.
    The Server tunnel Subnet: 176.16.0.0/24
    The Client Tunnel Subnet: 172.17.0.0/24
    However.. on the OpenVPN .. the Client IP is 172.16.0.2... shouldn't it be "172.17.0.2"... I'm confused about this. Shouldn't I be able to ping the local LAN? I have added the Local LAN in the Client settings.
    Please help. I have owners in Italy trying to get access to their host in the USA.
    Thank you.
    Jen Fernandez
    910 885 4120



  • @jen_fernandez said in Open VPN: can't ping local LAN host when connected:

    The Server tunnel Subnet: 176.16.0.0/24
    The Client Tunnel Subnet: 172.17.0.0/24

    Where have you stated the Client tunnel subnet?
    There is no need for that.

    In the OpenVPN server settings add the local network into the "Local Network/s" box.



  • @viragomann

    Thanks viragomann.
    I was told by Netgate support that the Client and Server tunnel subnet needed to be different... so I will test your option. I will remove the client subnet and will add the local LAN under Server settings.
    I can't try until later tonight when I am near the device and can connect to LAN port.
    Much appreciated... will test at 6:30pm Eastern time.
    Thanks
    Jen



  • Hi Viragomann!
    I removed the client tunnel subnet (172.17.0.0/24) in the settings.
    I ensured that the IPv4 Local network on the server settings had 192.168.1.0/24..
    but I still can't ping the 192.168.1.0
    Where is this GW exactly? If I am giving out DHCP Addresses from LAN port.. does this LAN port have two IP addresses.. one as 172.16.0.1 and 192.168.1.0? In the System Wizard.. I set up the LAN interface as 192.168.1.1... is this a conflict?



  • To Anyone - I still need help!
    I have the Server Tunnel: 172.16.0.0/24
    I have the Local LAN (configured on the Server) 192.168.1.0/24
    I tried pinging the default GW of both of these subnets when the LAN port is connected to my laptop.. all good.
    Then I tried pinging the 192.168.1.1 GW from the local LAN host: 192.168.1.52 - success.

    I connected with Open VPN and received a Client IP of 172.16.0.2
    I could successfully ping both 172.16.0.1 and 192.168.1.1 from CMD prompt of external client computer when VPN is connected.
    However, I can't ping the local LAN host of 192.168.1.52 from the external client when OpenVPN is connected.. this failed.. Times out.
    Do you see an obvious red flag?



  • To Anyone:
    I saw that the client was on Device Mode: Layer 2 Tap Mode.
    I changed this to Tunnel Mode; Layer 3.
    So, every time I make a change.. I download the client export package (with new configs) and then disconnect OpenVPN.. then re-install the OpenVPN client package again. Is this correct? Just checking.



  • To : Anyone
    I tried to add the new Client Export package and noticed that the configs kept TAP mode for the client side.. so it didn't take the change to tunnel mode.
    How do I change settings on the OpenVPN client?



  • I have removed OpenVPN in Windows 10 Programs and Features (uninstall).. then re-installed the client package and it still wanted TAP mode.. failed



  • I think I have chosen the incorrect type of OpenVPN.
    I have tried Remote Access Server VPN and Peer-to-Peer SSL/TLS VPN
    All I want to do is set up a simple client VPN.. for external clients to have access to the internal network - which type of VPN is best for this?



  • Use an OpenVPN access server in tun mode and don’t care about the client’s mode.

    Ensure that the pfSense is the default gateway in the LAN 192.168.1.0/24 and that it doesn’t overlap with the client’s LAN.
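
The checks from the reply above (tun mode, pfSense as the LAN's default gateway, no overlap with the client's LAN), as an added example that is not part of the original thread. The sample client config, the client-side LAN and the function names are constructed; the tunnel and LAN subnets are the ones quoted in the thread. It goes slightly beyond the reply by also flagging a tunnel network outside private address space.

```python
import ipaddress

# Constructed client export for illustration; only dev/dev-type lines are read.
SAMPLE_OVPN = """\
client
dev tap
proto udp
remote vpn.example.com 1194
"""

def device_mode(ovpn_text):
    """Return 'tun' or 'tap' from a client config, or None if neither is set."""
    dev = dev_type = None
    for line in ovpn_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0][0] in "#;":   # blank, bare or commented line
            continue
        if parts[0] == "dev":
            dev = parts[1].lower()[:3]               # "tun0" -> "tun"
        elif parts[0] == "dev-type":
            dev_type = parts[1].lower()
    mode = dev_type or dev                           # explicit dev-type wins
    return mode if mode in ("tun", "tap") else None

def check_plan(ovpn_text, tunnel, server_lan, client_lan, host_gateway, pfsense_lan_ip):
    """Return the problems that would stop a VPN client reaching hosts on the LAN."""
    tun_net, lan_net, cli_net = (
        ipaddress.ip_network(n) for n in (tunnel, server_lan, client_lan))
    problems = []
    if device_mode(ovpn_text) != "tun":
        problems.append("client config is not in tun mode")
    if not tun_net.is_private:
        problems.append(f"tunnel network {tun_net} is not private address space")
    for name, net in (("tunnel network", tun_net), ("client's own LAN", cli_net)):
        if net.overlaps(lan_net):
            problems.append(f"{name} {net} overlaps server LAN {lan_net}")
    if cli_net.overlaps(tun_net):
        problems.append(f"client's own LAN {cli_net} overlaps tunnel {tun_net}")
    # Replies to the tunnel subnet leave the LAN host via its default gateway,
    # so that gateway has to be the pfSense LAN address.
    if ipaddress.ip_address(host_gateway) != ipaddress.ip_address(pfsense_lan_ip):
        problems.append(f"LAN host gateway {host_gateway} is not pfSense {pfsense_lan_ip}")
    return problems

if __name__ == "__main__":
    # Thread values; the client's own LAN (192.168.1.0/24) is an assumed worst case.
    for p in check_plan(SAMPLE_OVPN, "172.16.0.0/24", "192.168.1.0/24",
                        "192.168.1.0/24", "192.168.1.1", "192.168.1.1"):
        print("PROBLEM:", p)
```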



  • Thanks Rico. I already had and used the first set of instructions.
    I'm watching the first video now.