Everything works but ping replies and ssh



  • Hi all,
    I successfully configured an OpenVPN server for remote access by using the wizard.

    The IPv4 tunnel network is 10.0.8.0/24.
    The IPv4 local network is 172.16.0.0/24.

    My client is a Mac. I'm using Tunnelblick.

    I can successfully connect to the VPN and I can ssh into the pfSense machine by issuing the command ssh 172.16.0.3.

    So, everything seems to work but if I try to ping 172.16.0.195 from the client, the host receives the request but it doesn't reply (I inspected by using tcpdump -i ens224 icmp on the host).

    15:15:25.089548 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 3, length 64
    15:15:26.101279 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 4, length 64
    15:15:27.103493 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 5, length 64
    15:15:28.099271 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 6, length 64
    15:15:29.106835 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 7, length 64
    15:15:30.113523 IP 10.0.8.2 > 172.16.0.196: ICMP echo request, id 65032, seq 8, length 64
    

    Also, I can't ssh into the host (through VPN).

    I read many threads here but I couldn't find any solution.

    Can you help me, please?

    Thanks,
    Adriano



  • @adigiovanni is the pfSense running your OpenVPN also your router/default gateway? If not, the "host" is trying to reply to your vpn client through it's default gateway (your router). If my guess is correct you need to add a static route to your vpn network via your pfSenes's LAN IP.



  • @curtisgrice thanks for your reply. No, the pfSense running OpenVPN is not my router/default gateway. Nice catch! I issued the command ip route add 10.0.8.0/24 via 172.16.0.3 and BAM! it worked. Thanks a lot. Is there any way to make this work by adding some type of configuration to the router/default gateway? Thanks again.



  • You just need to add that same route to your gateway device. Simple as that.



  • @curtisgrice thanks again!


Log in to reply