    OpenVPN tunnel issue

      notrox last edited by

      I am trying to figure out why I can't ping an OpenVPN tunnel gateway from my pfSense firewall, but it's pingable by a host behind the firewall.
      I can't find anything that would be blocking the requests; I've checked in /var/log/filter.log. I've included some command outputs that I thought would be relevant. Any insight would be greatly appreciated. I have a bit of networking knowledge, but this has me stumped. Thank you.

      External Interface: vmx0: public v4 ip
      Internal Interface: vmx1: 10.10.0.252/24
      OpenVPN tunnel Interface: ovpnc2: 10.200.0.114/32
      Internal network: 10.10.0.0/24

      #pfsense FW0
      Output of command: ping -S 10.200.0.114 10.200.0.113

      PING 10.200.0.113 (10.200.0.113) from 10.200.0.114: 56 data bytes
      ^C
      --- 10.200.0.113 ping statistics ---
      4 packets transmitted, 0 packets received, 100.0% packet loss

      #pfsense FW0
      Output of command: tcpdump -vv -i ovpnc2 host 10.200.0.113

      tcpdump: listening on ovpnc2, link-type NULL (BSD loopback), capture size 262144 bytes
      09:31:12.867389 IP (tos 0x0, ttl 64, id 41229, offset 0, flags [none], proto ICMP (1), length 84)
      10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 0, length 64
      09:31:13.939414 IP (tos 0x0, ttl 64, id 62270, offset 0, flags [none], proto ICMP (1), length 84)
      10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 1, length 64
      09:31:14.993295 IP (tos 0x0, ttl 64, id 45976, offset 0, flags [none], proto ICMP (1), length 84)
      10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 2, length 64
      09:31:16.017609 IP (tos 0x0, ttl 64, id 11815, offset 0, flags [none], proto ICMP (1), length 84)
      10.200.0.114 > 10.200.0.113: ICMP echo request, id 39999, seq 3, length 64

      #debian vm
      Output of command: ping 10.200.0.113
      PING 10.200.0.113 (10.200.0.113) 56(84) bytes of data.
      64 bytes from 10.200.0.113: icmp_seq=1 ttl=252 time=48.5 ms
      64 bytes from 10.200.0.113: icmp_seq=2 ttl=252 time=48.4 ms
      64 bytes from 10.200.0.113: icmp_seq=3 ttl=252 time=56.6 ms
      64 bytes from 10.200.0.113: icmp_seq=4 ttl=252 time=49.6 ms
      ^C
      --- 10.200.0.113 ping statistics ---
      4 packets transmitted, 4 received, 0% packet loss, time 3005ms
      rtt min/avg/max/mdev = 48.432/50.813/56.677/3.416 ms

      #pfsense FW0
      Output of command: tcpdump -vv -i vmx1 host 10.200.0.113

      tcpdump: listening on vmx1, link-type EN10MB (Ethernet), capture size 262144 bytes
      09:34:19.861242 IP (tos 0x0, ttl 64, id 39918, offset 0, flags [DF], proto ICMP (1), length 84)
      10.10.0.1 > 10.200.0.113: ICMP echo request, id 1306, seq 1, length 64
      09:34:19.909726 IP (tos 0x0, ttl 252, id 11457, offset 0, flags [DF], proto ICMP (1), length 84)
      10.200.0.113 > 10.10.0.1: ICMP echo reply, id 1306, seq 1, length 64
      09:34:20.863169 IP (tos 0x0, ttl 64, id 40040, offset 0, flags [DF], proto ICMP (1), length 84)
      10.10.0.1 > 10.200.0.113: ICMP echo request, id 1306, seq 2, length 64
      09:34:20.911525 IP (tos 0x0, ttl 252, id 11458, offset 0, flags [DF], proto ICMP (1), length 84)
      10.200.0.113 > 10.10.0.1: ICMP echo reply, id 1306, seq 2, length 64

      #pfsense FW0
      Output of command: ifconfig ovpnc2

      ovpnc2: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1500
      options=80000<LINKSTATE>
      inet6 fe80::2ad2:44ff:fe4d:94d7%ovpnc2 prefixlen 64 scopeid 0x8
      inet 10.200.0.114 --> 10.200.0.113 netmask 0xffffffff
      nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
      groups: tun openvpn
      Opened by PID 9123

      #pfsense FW0 - partial Routing table output
      Output of command: netstat -r

      Routing tables

      Internet:
      Destination        Gateway            Flags     Netif     Expire
      0.0.0.0/1          10.200.0.113       UGS       ovpnc2
      default            publicip           UGS       vmx0
      10.10.0.0/24       link#2             U         vmx1
      fw0                link#2             UHS       lo0
      10.200.0.1/32      10.200.0.113       UGS       ovpnc2

      Output of command: netstat -r | grep -i "ovpnc2"

      0.0.0.0/1          10.200.0.113       UGS       ovpnc2
      10.200.0.1/32      10.200.0.113       UGS       ovpnc2
      10.200.0.113       link#8             UH        ovpnc2
      128.0.0.0/1        10.200.0.113       UGS       ovpnc2
      fe80::%ovpnc2/64   link#8             U         ovpnc2
