OpenVPN tunnel issue
-
I am trying to figure out why I can't ping a OpenVPN tunnel gateway from my pfsense firewall but it's pingable by a host behind the firewall.
I can't find anything that would be blocking the requests, I've checked in /var/log/filter.log I've included some command outputs that I thought would be relevant. Any insight would be greatly appreciated. I have a bit of networking knowledge but this has me stumped. Thank youExternal Interface: vmx0: public v4 ip
Internal Interface: vmx1: 10.10.0.252/24
OpenVPN tunnel Interface: ovpnc2: 10.200.0.114/32
Internal network: 10.10.0.0/24#pfsense FW0
Output of command: ping -S 10.200.0.114 10.200.0.113PING 10.200.0.113 (10.200.0.113) from 10.200.0.114: 56 data bytes
^C
--- 10.200.0.113 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss#pfsense FW0
Output of command: tcpdump -vv -i ovpnc2 host 10.200.0.113tcpdump: listening on ovpnc2, link-type NULL (BSD loopback), capture size 262144 bytes
09:31:12.867389 IP (tos 0x0, ttl 64, id 41229, offset 0, flags [none], proto ICMP (1), length 84)
10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 0, length 64
09:31:13.939414 IP (tos 0x0, ttl 64, id 62270, offset 0, flags [none], proto ICMP (1), length 84)
10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 1, length 64
09:31:14.993295 IP (tos 0x0, ttl 64, id 45976, offset 0, flags [none], proto ICMP (1), length 84)
10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 2, length 64
09:31:16.017609 IP (tos 0x0, ttl 64, id 11815, offset 0, flags [none], proto ICMP (1), length 84)
10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 3, length 64#debian vm
Output of command: ping 10.200.0.113
PING 10.200.0.113 (10.200.0.113) 56(84) bytes of data.
64 bytes from 10.200.0.113: icmp_seq=1 ttl=252 time=48.5 ms
64 bytes from 10.200.0.113: icmp_seq=2 ttl=252 time=48.4 ms
64 bytes from 10.200.0.113: icmp_seq=3 ttl=252 time=56.6 ms
64 bytes from 10.200.0.113: icmp_seq=4 ttl=252 time=49.6 ms
^C
--- 10.200.0.113 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 48.432/50.813/56.677/3.416 ms#pfsense FW0
Output of command: tcpdump -vv -i vmx1 host 10.200.0.113tcpdump: listening on vmx1, link-type EN10MB (Ethernet), capture size 262144 bytes
09:34:19.861242 IP (tos 0x0, ttl 64, id 39918, offset 0, flags [DF], proto ICMP (1), length 84)
10.10.0.1 > 10.200.0.113: ICMP echo request, id 1306, seq 1, length 64
09:34:19.909726 IP (tos 0x0, ttl 252, id 11457, offset 0, flags [DF], proto ICMP (1), length 84)
10.200.0.113 > 10.10.0.1: ICMP echo reply, id 1306, seq 1, length 64
09:34:20.863169 IP (tos 0x0, ttl 64, id 40040, offset 0, flags [DF], proto ICMP (1), length 84)
10.10.0.1 > 10.200.0.113: ICMP echo request, id 1306, seq 2, length 64
09:34:20.911525 IP (tos 0x0, ttl 252, id 11458, offset 0, flags [DF], proto ICMP (1), length 84)
10.200.0.113 > 10.10.0.1: ICMP echo reply, id 1306, seq 2, length 64#pfsense FW0
Output of command: ifconfig ovpnc2ovpnc2: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::2ad2:44ff:fe4d:94d7%ovpnc2 prefixlen 64 scopeid 0x8
inet 10.200.0.114 --> 10.200.0.113 netmask 0xffffffff
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: tun openvpn
Opened by PID 9123#pfsense FW0 - partial Routing table output
Output of command: netstat -rRouting tables
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/110.200.0.113UGS ovpnc2
default publicip UGS vmx0
10.10.0.0/24link#2 U vmx1
fw0 link#2 UHS lo0
10.200.0.1/3210.200.0.113UGS ovpnc2Output of command: netstat -r | grep -i "ovpnc2"
0.0.0.0/110.200.0.113UGS ovpnc2
10.200.0.1/3210.200.0.113UGS ovpnc2
10.200.0.113link#8 UH ovpnc2
128.0.0.0/110.200.0.113UGS ovpnc2
fe80::%ovpnc2/64 link#8 U ovpnc2