Netgate Discussion Forum

    please help with openvpn

      vnkvnk

      Hello,
      New to pfsense.
      installed on pc, connected to the internet.
      Trying to set up OpenVPN.
      My configuration is:
      pfsense has 192.168.1.1. and three computers connected to pfsense: 192.168.1.100, 192.168.1.101 and 192.168.1.102. On 1.100 shared a folder, can browse from 1.101 and 1.102 no issue. All 3 computers could ping in any direction.
      Set up an OpenVPN based on
      https://www.youtube.com/watch?v=7rQ-Tgt3L18
      Tunnel network 192.168.3.0/24 - local network 192.168.1.0/24
      on another network installed client and can connect to pfsense OpenVPN server.
      on remote PC getting IP 192.168.3.2, as expected.
      BUT, from remote PC can ping 192.168.1.1 and 192.168.1.101, but cannot 1.100 and 1.102
      1.100 - Win7, 1.102 and 1.102 are Win10
      What I am missing here? Please help
      TIA

        striker-pl

        Have you checked the firewalls on those PCs? They could potentially be blocking the traffic by seeing it as outside your internal network.

          Gertjan @vnkvnk

          @vnkvnk said in please help with openvpn:

          What I am missing here?

          What about an official, recent video, from the official source ? One came out a couple of weeks ago.
          Yours is using a - very - old version of pfSense. That's like explaining Windows 10 with Windows 8 examples.

          Here : Youtube => Netgate !!

          Check out also all the OpenVPN (server) videos from Youtube => Videos

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

            vnkvnk @Gertjan

            @Gertjan Hi
            I agree, the video I used is a little older, but everything in the setup is the same, no difference.
            Thanks for the link, I will do more studies, but so far I am stuck with VPN and I do need it. Unless I find it myself or someone can help me, there is no sense for me to continue. Especially, if there is my error in the setting - I need to find it. If it is a glitch (one, with IP changing I already found) I am not sure I would like to learn it.

            Anyway, thank you

              vnkvnk @striker-pl

              @striker-pl Nothing special in my firewall. The machine with Win 7, the one I cannot ping, does not even have any antivirus software.

                Gertjan @vnkvnk

                @vnkvnk said in please help with openvpn:

                Tunnel network 192.168.3.0/24 - local network 192.168.1.0/24

                What about setting :

                06334d28-95e4-48c9-bdde-2547427ce7cd-image.png

                so no more local networks to set.

                @vnkvnk said in please help with openvpn:

                BUT, from remote PC can ping 192.168.1.1 and 192.168.1.101, but cannot 1.100 and 1.102
                1.100 - Win7, 1.102 and 1.102 are Win10

                Time to Diagnostics Packet Capture on the LAN interface for ICMP.
                If 1.100 replies : ICMP arrives at LAN. It would be logical to think that if 1.100 arrives, 1.101 and 1.102 will also arrive.

                What are your firewall rules here :

                65dca2dd-2e3a-41d3-8a18-025dd0d042dc-image.png

                The OPENVPN and OpenVPN tabs ?

                And, as @vnkvnk : the WIN machines that don't work : their network is set to "public" (non trusted) or "home" (trusted) ?

                  vnkvnk

                  Hi All
                  ok, did a few back and forth changes.
                  Started from scratch. Pfsense just after factory default,
                  to the pfsense connected 3 computers
                  192.168.1.100 - win7, work network,
                  192.168.1.167. win10, private network
                  192.168.1.169, win7, work network
                  all 3 computers ping no issue

                  recorded all configuration, I hope it will work
                  https://drive.google.com/file/d/1pLlafiVl79J8daTMoDnzTkF9gTphoZJi/view

                  all firewall rules are here
                  https://drive.google.com/file/d/1kIvybUFL2JC6_1XJDQpMUg0SIRDhs9Ak/view?usp=sharing

                  installed client, connected. Can ping 192.168.1.1(pfsense), 1.67(win10) and 1.69(win7), cannot 192.168.1.100(win7)
                  https://drive.google.com/file/d/14DZrhwZIUR2Z8T18K1HB7U2pFcCtY09n/view?usp=sharing

                  Any idea?
                  Thanks

                    Gertjan

                    Last video, your Client VPN PC : what is its local IP address and mask ?

                    Can you ping 100/167/169 from pfSense ? Use the Console (SSH !) access, option 8 and ping.

                    test with : Diagnostics > Packet Capture
                    and select :
                    d33bb9bf-82dc-424e-bbab-9850ce69a41b-image.png

                    and redo the ping test. Packets should be on LAN for the 3 PC's.

                    Like :

                    07:03:47.037767 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 49236, seq 0, length 64
                    07:03:48.038539 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 49236, seq 1, length 64
                    07:03:49.039552 IP 192.168.1.1 > 192.168.1.2: ICMP echo request, id 49236, seq 2, length 64
                    07:03:51.255089 IP 192.168.1.1 > 192.168.1.3: ICMP echo request, id 9528, seq 0, length 64
                    07:03:51.255577 IP 192.168.1.3 > 192.168.1.1: ICMP echo reply, id 9528, seq 0, length 64
                    07:03:52.255553 IP 192.168.1.1 > 192.168.1.3: ICMP echo request, id 9528, seq 1, length 64
                    07:03:52.256001 IP 192.168.1.3 > 192.168.1.1: ICMP echo reply, id 9528, seq 1, length 64
                    07:03:53.256534 IP 192.168.1.1 > 192.168.1.3: ICMP echo request, id 9528, seq 2, length 64
                    07:03:53.256927 IP 192.168.1.3 > 192.168.1.1: ICMP echo reply, id 9528, seq 2, length 64
                    07:03:54.257576 IP 192.168.1.1 > 192.168.1.3: ICMP echo request, id 9528, seq 3, length 64
                    07:03:54.258099 IP 192.168.1.3 > 192.168.1.1: ICMP echo reply, id 9528, seq 3, length 64
                    

                    Where PC 192.168.1.2 is shut down - a request, sent from pfSense, but no replies.
                    PC 192.168.1.3 is awake, there are requests as there are replies.


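The request/reply comparison described in the post above can be automated. This is an added example, not part of the original post or of pfSense: it reads the text output of Diagnostics > Packet Capture and reports, per pinged host, how many echo requests were answered. The function names and the sample capture (modelled on the thread's addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the tcpdump-style ICMP echo lines shown in the post above.
LINE_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: a VPN client (192.168.3.2) pings two LAN hosts;
# only 192.168.1.167 answers. Not taken from a real capture.
SAMPLE_CAPTURE = """\
10:15:01.100200 IP 192.168.3.2 > 192.168.1.167: ICMP echo request, id 1, seq 10, length 40
10:15:01.100650 IP 192.168.1.167 > 192.168.3.2: ICMP echo reply, id 1, seq 10, length 40
10:15:02.101300 IP 192.168.3.2 > 192.168.1.167: ICMP echo request, id 1, seq 11, length 40
10:15:02.101720 IP 192.168.1.167 > 192.168.3.2: ICMP echo reply, id 1, seq 11, length 40
10:15:10.204100 IP 192.168.3.2 > 192.168.1.100: ICMP echo request, id 1, seq 12, length 40
10:15:15.198800 IP 192.168.3.2 > 192.168.1.100: ICMP echo request, id 1, seq 13, length 40
"""

def summarize_echo(capture_text):
    """Return {target_ip: {"requests": n, "replies": n, "unanswered": [seq, ...]}}."""
    pending = set()  # (requester, target, id, seq) of requests still waiting for a reply
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "unanswered": []})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not an ICMP echo line
        src, dst, ident, seq = m["src"], m["dst"], int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            stats[dst]["requests"] += 1
            pending.add((src, dst, ident, seq))
        elif (dst, src, ident, seq) in pending:  # a reply travels target -> requester
            pending.discard((dst, src, ident, seq))
            stats[src]["replies"] += 1
    for _, target, _, seq in sorted(pending):
        stats[target]["unanswered"].append(seq)
    return dict(stats)

def verdict(entry):
    """Interpret one host's counters the way the post above reads the capture."""
    if entry["replies"] == 0:
        return "requests reach this interface, no replies: host is off or not answering"
    if entry["unanswered"]:
        return "some requests unanswered"
    return "host answers"

if __name__ == "__main__":
    for ip, entry in summarize_echo(SAMPLE_CAPTURE).items():
        print(ip, entry, "->", verdict(entry))
```

Requests showing up on the LAN capture without replies means pfSense forwarded the traffic, which points the investigation at the target host rather than at the tunnel or the firewall rules.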
                      vnkvnk @Gertjan

                      @Gertjan
                      here are screens from the client
                      not connected yet
                      ec35e800-8412-484a-bf29-163e63c06a34-image.png
                      next, connected

                        vnkvnk @vnkvnk

                        @vnkvnk
                        next, connected
                        da2f7f2a-356f-4d9a-b5d0-058350d19485-image.png

                        pings from client
                        af3f0308-5925-40f9-8ea1-09331bc9025d-image.png

                        ping from ssh is fine

                        1bad562a-efee-43f5-8f4a-1e634f969f29-image.png

                        packet capture to 1.167 - ping is fine and 1.100 not, packets look identical to me
                        6971bc60-ad65-490b-8689-dc9bc8bc0c89-image.png

                        yesterday I used another computer as a client. the same issue with ping

                        Thanks

                          Gertjan

                          @vnkvnk said in please help with openvpn:

                          yesterday I used another computer as a client. the same issue with ping

                          Same issue : go or no go ?

                          Because ping to "167" works, we know they are sent over the VPN, out of pfSense VPN server into the pfSense LAN.
                          If "100" doesn't reply, this is because it doesn't receive a ping OR it doesn't want to reply a ping.
                          "100" is using a cable ( ! ) connection like "167", right ? Nothing but a dumb switch separates "100" and "167" ?
                          If so, I'm pretty sure "100" is firewalling. Easy to prove : prepare an (free)-OS-on-a-USB-stick. Disconnect the hard drive of the "100" PC (de-activate hard drive in BIOS will do == no risk) - boot from USB stick, have it activate its DHCP client and use the onboard NIC : it will have an IP, you would be able to ping it.

                            vnkvnk @Gertjan

                            @Gertjan I agree, the vpn is connected since 167 is fine.
                            And I could assume 100 is "blocking" ping. Even more info: 168.168.3.2(client) and 192.168.1.167 can ping and tracert; 3.2 and 1.100 - cannot tracert too, while 1.100 and 1.167 - are absolutely fine. So, 1.100 could communicate with any PC on pfsense side, but not through pfsense to client.
                            Also, I did another test - instead of pfsense I tested with old Cisco RV042. set up PPTP firewall, used the same computers for hardware, even IP used the same. On the client pc windows VPN, just user and password. All is as expected, all 3 computers are pinging each other.
                            PS. on "problematic" computer 1.100, just for curiosity changed manually IP to 1.168 - no magic happens

                              Gertjan

                              @vnkvnk said in please help with openvpn:

                              Even more info

                              Using the pfSense - GUI access : does "100" reply to ping ?
                              From "167" : "100" replies to ping ? Or better, can you see and your network resources exposed by "100" on "167" ?

                              @vnkvnk said in please help with openvpn:

                              changed manually IP to 1.168

                              When doing so - changing the IP, check / set also the gateway IP, idem for the DNS IP, you can find these on the other tabs. The last two should be the IP of pfSense.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.