LAN side PCs cannot ping remote OpenVPN clients (solved)
-
However, OpenVPN clients successfully ping all LAN PCs.
From the pfSense internal shell, local and remote PCs respond successfully to ping.
Current pfSense network structure:
ISP router IP: 192.168.0.1
pfSense WAN IP: 192.168.0.35
169 -> OpenVPN Tunnel Network: 192.168.169.0/24 (with permission to access network 192.168.170.0/24)
170 -> LAN Network: 192.168.170.0/24
pfSense OpenVPN IP: 192.168.169.1
pfSense LAN IP: 192.168.170.50
Users also have OpenVPN Client Specific Overrides to assign them a static IP in subnet 192.168.169.x
Route tables on the LAN PCs are:
192.168.169.0 mask 255.255.255.0 192.168.170.50
192.168.170.0 mask 255.255.255.0 192.168.170.50
pfSense IPv4 Routes are:
Destination        Gateway         Flags  Use      Mtu    Netif   Expire
default            192.168.1.1     UGS    1717932  1500   em0
127.0.0.1          link#5          UH     414      16384  lo0
192.168.1.0/24     link#1          U      16419    1500   em0
192.168.1.35       link#1          UHS    0        16384  lo0
192.168.169.0/24   192.168.169.2   UGS    1711     1500   ovpns1
192.168.169.1      link#8          UHS    0        16384  lo0
192.168.169.2      link#8          UH     0        1500   ovpns1
192.168.170.0/24   link#3          U      29465    1500   em2
192.168.170.50     link#3          UHS    0        16384  lo0
Why can devices from 192.168.169.x ping 192.168.170.y devices, but not the reverse?
What kind of rule/option should I check to allow it?
-
Show your LAN Firewall Rules (screenshot).
Your LAN clients use pfSense as their gateway?
Did you try with the client Firewall turned off?
-Rico
-
Did you try with the client Firewall turned off?
No...
That was the solution, on both sides of the connection, and affecting ping and file sharing. Thank you very much for your time.
-
Glad you have it working now.
Adjust your Client Firewall and turn it back on.
-Rico