    OpenVPN clients can't ping
      NumberOfOnions last edited by

      Hi all,

      I'm trying to connect between 2 sites. The sites show as connected. I can ping from pfSense when it's set to the OpenVPN client. When setting to LAN, etc., no ping response. I've followed this guide and this one as well.

      Does anyone have an idea where to look next? I'm on day ??? at this point with no luck. Any ideas? I've tried outbound NAT rules as well.

      Thanks in advance

        viragomann last edited by

        You're presumably missing the route.

        Are you able to ping a device in the remote LAN, when you set the ping source to OpenVPN?
        If so, check on the remote site (site B) if there is the "Remote Networks" box filled in correctly. You have to enter the site A LAN network(s) there.

          NumberOfOnions last edited by NumberOfOnions

          Sort of. I can ping the pfSense address for the LAN, i.e. 10.1.1.1, from the other pfSense box but can't ping clients on the other network. For the remote networks box, I have the opposites filled in. Also in the route table I see the CIDRs pointing to the tunnel...

          10.1.1.0/24
          Remote Networks: 10.1.2.0/24

          10.1.2.0/24
          Remote Networks: 10.1.1.0/24

            viragomann last edited by

            Are both pfSense boxes the default gateways in their respective LAN?

              NumberOfOnions @viragomann last edited by

              @viragomann Yes

                viragomann last edited by

                I assume you have a firewall rule in place to allow access. But what about the client's firewall? Maybe it blocks access from outside its own subnet, which is mostly the default setting.

                    NumberOfOnions @viragomann last edited by

                    @viragomann Yep, they are set to allow all.

                      Derelict LAYER 8 Netgate last edited by

                      Can you ping the far side LAN interface address? If you can and you can't ping hosts on the LAN it is because there is a firewall on the target host itself. Think Windows Firewall.

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          NumberOfOnions @Derelict last edited by NumberOfOnions

                          @Derelict Only from pfSense. Not from any clients. The routes show up in the pfSense route table with the gateway as the tunnel link address. Could it be an issue that the default destination is at the top of the entire list? Another interesting thing is that a traceroute command to the other side of the tunnel gets only as far as the local gateway on the side you are tracerouting from.

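Added example, not from any poster in this thread: a Python sketch of two checks the thread discusses, whether each site's "Remote Networks" entry covers the other site's LAN, and how a route lookup selects the most specific prefix regardless of where the default route appears in the listing. The subnets are the ones posted above; the gateway labels and the host 10.1.2.50 are constructed for illustration.

```python
import ipaddress

# Site definitions taken from the subnets posted in the thread.
SITE_A = {"lan": ["10.1.1.0/24"], "remote_networks": ["10.1.2.0/24"]}
SITE_B = {"lan": ["10.1.2.0/24"], "remote_networks": ["10.1.1.0/24"]}

# Constructed route table for site A, default route listed first.
# Gateway labels are placeholders, not real pfSense output.
ROUTES_A = [
    ("0.0.0.0/0", "wan_gw"),
    ("10.1.1.0/24", "lan_link"),
    ("10.1.2.0/24", "ovpn_tunnel"),
]


def missing_remote_networks(remote_networks, peer_lans):
    """Return the peer LANs that no 'Remote Networks' entry on this site covers."""
    remote = [ipaddress.ip_network(n) for n in remote_networks]
    return [
        str(lan)
        for lan in map(ipaddress.ip_network, peer_lans)
        if not any(lan.subnet_of(r) for r in remote)
    ]


def next_hop(routes, dst):
    """Longest-prefix match: the most specific matching route wins,
    whatever its position in the table listing."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


if __name__ == "__main__":
    # Each side must list the other side's LAN, or replies have no way back.
    print("A missing:", missing_remote_networks(SITE_A["remote_networks"], SITE_B["lan"]))
    print("B missing:", missing_remote_networks(SITE_B["remote_networks"], SITE_A["lan"]))
    # A host on the far LAN resolves to the tunnel even with the default route on top.
    print("10.1.2.50 via", next_hop(ROUTES_A, "10.1.2.50"))
```

If both checks pass, as they do for the values posted here, routing is consistent on paper and the remaining suspects are the ones the replies name: the hosts' default gateway and the host firewall.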