Netgate Discussion Forum

    Site to Site OpenVPN - Unable to ping remote subnet from local LAN

      Sebastian_IT

      Hey guys,

      I have set up an OpenVPN successfully on my pfSense. It is connected and I am getting a valid tunnel IP on both my pfSense boxes.

      I am able to ping the remote subnet (remote LAN) from my pfSense box, but I am not able to ping the remote LAN from my local LAN.

      Please find below my configuration.

      Local network Range - 10.0.1.1/24
      Remote network Range - 10.1.0.1/24
      Tunnel network range - 10.2.0.1/24

      [image]

      [image]

      As shown below I am able to ping the remote subnet from the client
      [image]

      Ping to remote subnets fails from local LAN computers
      [image]

      But I can ping tunnel gateway IP addresses
      [image]

      Server side firewall rules
      [image]

      Client Side Firewall rules
      [image]

      Client side routing
      [image]

      I have tried all possible things to fix this. Any help would be greatly appreciated. Thank you.

        viragomann @Sebastian_IT

        @Sebastian_IT said in Site to Site OpenVPN - Unable to ping remote subnet from local LAN:

        Local network Range - 10.0.1.1/24
        Remote network Range - 10.1.0.1/24
        Tunnel network range - 10.2.0.1/24

        None of these is a network address! These are IP addresses.
        So edit your firewall rules and set correct network addresses as source and destination.

        BTW: In your firewall rules on server and client you have exactly the same address in source and destination. That doesn't make any sense at all.

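Added example, not part of either post: a small Python check for the two problems raised in the reply, using the three ranges exactly as they were posted. The rule entries are constructed for illustration (the screenshots are not available), and the function names are hypothetical.

```python
import ipaddress

def network_of(cidr):
    """Return the network that a host/prefix value belongs to."""
    return ipaddress.ip_interface(cidr).network

def has_host_bits(cidr):
    """True when the value is a host address inside the prefix, not the network address."""
    iface = ipaddress.ip_interface(cidr)
    return iface.ip != iface.network.network_address

def lint_rule(name, source, destination):
    """Return findings for one pass rule whose source/destination are in CIDR form."""
    findings = []
    for field, value in (("source", source), ("destination", destination)):
        if has_host_bits(value):
            findings.append(
                f"{name}: {field} {value} is a host address; network is {network_of(value)}"
            )
    if network_of(source) == network_of(destination):
        findings.append(
            f"{name}: source and destination are the same network ({network_of(source)})"
        )
    return findings

# Ranges as written in the first post.
POSTED = {"local": "10.0.1.1/24", "remote": "10.1.0.1/24", "tunnel": "10.2.0.1/24"}

# Constructed rules (assumption): one with the same host-style value in both
# fields, and one using the derived network addresses for local -> remote.
RULES = [
    ("as-described", POSTED["local"], POSTED["local"]),
    ("corrected", str(network_of(POSTED["local"])), str(network_of(POSTED["remote"]))),
]

if __name__ == "__main__":
    for label, cidr in POSTED.items():
        print(f"{label}: {cidr} -> {network_of(cidr)}")
    for rule in RULES:
        for finding in lint_rule(*rule):
            print(finding)
```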
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.