Netgate Discussion Forum

    Can't ping second router across VPN

    Routing and Multi WAN
    • compsys1

      Need some minor pfSense help.

      Have two sites tied together via OpenVPN. All is working great… except at site 1 we have 2 x pfSense routers, and cannot ping the second router at site 1 from site 2.

      Example / details

      192.168.3.1 (Router one site one) with VPN to 192.168.199.1

      192.168.3.2 (Router two site one) without VPN

      192.168.199.1 (Router one site two) with VPN to 192.168.3.1

      192.168.199.250 (server at site two) can ping to ANYTHING at the 192.168.3.xxx network except router 2 / 192.168.3.2

      I'm guessing it's a firewall rule on 192.168.3.2, but I'm not sure where/what to change to allow 192.168.199.250 to ping / talk to 192.168.3.2. Everything at 192.168.3.xxx can ping 192.168.3.2.

      I know I need to set up a route on the non-pingable router or allow pings from the other subnet, but I'm not sure how to do that. I need detailed direction, please.
      Thanks

      • KOM

        You need to add a rule on Router 2 WAN that passes ICMP echoreq, and place it before the Block private networks rule if you have one.

        • compsys1 @KOM

          @KOM Thanks for the information. Can you provide more detail as to where to do this in the configuration?

          • KOM

            Firewall - Rules - WAN.

            https://rumyittips.com/how-to-allow-icmp-traffic-through-pfsense-firewall/

            Except don't select any for ICMP type, just echoreq. Make sure you disable Block Private Networks if you're pinging from a private address like LANs usually have. You can do that via Interfaces - WAN - Block Private Networks. Uncheck it and Apply.

            • compsys1

              This was not the fix. Needed to adjust a routing statement in the VPN router to include the full /24; I had mistakenly set it to /28.
