Netgate Discussion Forum

    LAN side PC's cannot ping remote OpenVPN clients (solved)

    • Osquir

      However, OpenVPN clients successfully ping all LAN PCs.

      From the pfSense internal shell, local and remote PCs respond successfully to ping.

      Current pfSense network structure:

      ISP router IP:      192.168.0.1
      pfSense WAN IP:     192.168.0.35
      
      169 -> OpenVPN Tunnel Network: 192.168.169.0/24
             (with permission to access network 192.168.170.0/24)
      170 -> LAN Network:            192.168.170.0/24
      
      pfSense OpenVPN IP: 192.168.169.1
      pfSense LAN IP:     192.168.170.50
      

      Users also have OpenVPN Client Specific Overrides to assign them a static IP in subnet 192.168.169.x

      Route tables on the LAN PCs are:

      192.168.169.0   mask 255.255.255.0   192.168.170.50
      192.168.170.0   mask 255.255.255.0   192.168.170.50
      

      pfSense IPv4 Routes are:

      Destination         Gateway         Flags   Use     Mtu     Netif   Expire
      default             192.168.1.1     UGS     1717932 1500    em0 
      127.0.0.1           link#5          UH      414     16384   lo0 
      192.168.1.0/24      link#1          U       16419   1500    em0 
      192.168.1.35        link#1          UHS     0       16384   lo0 
      192.168.169.0/24    192.168.169.2   UGS     1711    1500    ovpns1  
      192.168.169.1       link#8          UHS     0       16384   lo0 
      192.168.169.2       link#8          UH      0       1500    ovpns1  
      192.168.170.0/24    link#3          U       29465   1500    em2 
      192.168.170.50      link#3          UHS     0       16384   lo0
      

      Why can devices from 192.168.169.x ping 192.168.170.y devices, but not the reverse?

      What kind of rule/option should I check to allow it?

      • Rico

        Show your LAN Firewall Rules (screenshot).
        Your LAN clients use pfSense as their gateway?
        Did you try with the client Firewall turned off?

        -Rico

        • Osquir @Rico

          @Rico

          Did you try with the client Firewall turned off?

          No... 🤦

          That was the solution, on both sides of the connection, and affecting ping and file sharing. Thank you very much for your time.

          • Rico

            Glad you have it working now.
            Adjust your Client Firewall and turn it back on. 😁

            -Rico
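
The last suggestion in the thread, keeping the host firewall on but scoped to the peer subnet, as an added example that is not part of the original posts. It assumes the PCs run Windows with the built-in Windows Defender Firewall (the thread does not say which OS or firewall is in use); the subnets are the ones posted above and the rule names are made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes Windows hosts using the
# built-in firewall. Run on each PC that must answer ping / serve files.

$TunnelNet = '192.168.169.0/24'   # OpenVPN tunnel network (from the thread)
$LanNet    = '192.168.170.0/24'   # LAN network (from the thread)

# Work out which side this host is on, and therefore which subnet is "remote".
$localIPs = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
if     ($localIPs -like '192.168.169.*') { $peer = $LanNet }
elseif ($localIPs -like '192.168.170.*') { $peer = $TunnelNet }
else   { throw 'This host has no address in either subnet from the thread.' }

# Allow inbound ICMPv4 echo request (type 8) from the peer subnet only.
# Traffic from another subnet is not "local subnet" to the host firewall,
# which is why ping across the tunnel was dropped while routing was fine.
New-NetFirewallRule -DisplayName 'Example: ping from VPN peer subnet' `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $peer -Profile Any | Out-Null

# Allow inbound SMB (TCP 445) from the peer subnet only.
# Skip this rule on hosts that do not share files.
New-NetFirewallRule -DisplayName 'Example: SMB from VPN peer subnet' `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 445 `
    -RemoteAddress $peer -Profile Any | Out-Null

# Turn the firewall back on for every profile and show the result.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
Get-NetFirewallProfile | Select-Object Name, Enabled

# Confirm the new rules are limited to the peer subnet, not "Any".
Get-NetFirewallRule -DisplayName 'Example:*' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

With the rules in place, repeat the ping from the other side of the tunnel while the firewall stays enabled.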

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.