tunneled machine can't ping specific local server



  • Hello everyone,

    sorry to bother the community, I am rather new to pfSense and OpenVPN. So far I could successfully tunnel to my server and ping ALL devices within the pushed network execpt my data server, which is really confusing.

    Server IP: 192.168.100.10 (Ubuntu 16.04). pfSense is not blocking or forwarding anything to the server. The Ubuntu ufw firewall is disabled. Please could someone help me out? I have no clue where to start troubleshooting.

    tunnel 192.168.101.0/24 is pushed to local network 192.168.100.0/24
    ping from 192.168.100.0/24 (local network, not pushed) to 192.168.100.10 is possible (local network, not pushed)

    dev ovpns1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp4
    cipher AES-128-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 192.168.99.10
    tls-server
    server 192.168.101.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server1
    username-as-common-name
    plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth
    _verify_async user xxx= false server1 1194
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'somewhere-somewhat.org+' 1"
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 1
    push "route 192.168.100.0 255.255.255.0"
    push "dhcp-option DOMAIN localdomain"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-disable
    persist-remote-ip
    float
    topology subnet



  • Well, finally I could manage to do what I want. Due to a missing gateway entry in /etc/network/interfaces (Ubuntu) I was not able to connect properly.


Log in to reply