pfSense network can ping LAN gateway but can't ping (or rdp or anything) lan clients
-
I know there have been a lot of threads about this topic, but despite all the information I gathered from the forum, I still can't make my simple network work in pinging or RDPing clients in the pfSense LAN from the OpenVPN server.
That is:
Network structure
ISP internet provider router (X.XX.XX.XX - public IP, and 192.168.1.0 internal DHCP for connected clients), so that -> 192.168.1.3 is pfSense WAN (with 192.168.1.1 as DNS server and as default gateway) and -> 10.20.0.1 is pfSense LAN. The VMs are running in VMware ESXi 7 and they are:
- pfSense with 2 NICs, one connected on 192.16.1.1 (WAN) and the second on 10.20.0.1 (LAN)
Two LAN clients:
- Win Srv 2019 (10.20.0.101)
- Ubuntu 20.04 client (10.20.0.201)
LAN clients (such as 10.20.0.101) can reach the internet, having 192.168.1.1 as DNS and 10.20.0.1 as gateway.
So far so good.
Then I set up a VPN Server on pfSense. Open VPN tunnel network is 10.21.0.0/24 with 10.21.0.1 as Server. pfSense LAN is 10.20.0.0/24.
Setting up all the environment lets me connect to the VPN, giving the OpenVPN client a correct 10.21.0.2 IP address, and the client can ping both the OpenVPN server (10.21.0.1) and the pfSense LAN (10.20.0.1).
However, the OpenVPN client (10.21.0.2) can't ping 10.20.0.101. It can ping 10.21.0.1 (OpenVPN server) and 10.20.0.1 (internal LAN pfSense master/gateway), but it can't ping any of the clients: pinging 10.20.0.101 is not working.
Rules any to any are set in the LAN, WAN and OpenVPN firewall.
I also checked the firewall logs, but it looks like the pfSense firewall is not blocking (nothing meaningful in the log).
The local firewall on the target VM (10.20.0.101 - Win 2019 Server) is disabled for testing purposes. I messed around with firewall rules, enabling any-to-any or more specific connection rules, but still I can't ping or RDP from an OpenVPN client to any host on the pfSense LAN network.
I'm obviously looking for a solution, but I would also like a step-by-step procedure to debug the issue by checking all the steps one by one.
Summary:
I can ping from an OpenVPN client 10.20.0.1
I can ping from an OpenVPN client 10.21.0.1
I can't ping from an OpenVPN client 10.21.0.101
-
P.S.: pinging from pfSense's diagnostic tools, I can ping 10.20.0.1 and 10.21.0.1 from the OpenVPN interface, as well as from the WAN and LAN interfaces.
Can't ping LAN client 10.20.0.101 from any of these interfaces.
-
Hi,
I tried with pfSense 2.5.0 and 2.5.1 and I'm having the same issue: OpenVPN is connecting but there is no connection to the LAN. pfSense 2.4.5 with the same OpenVPN configuration is working.
Awaiting yours.
Thank you.
Mario
-
I know this is several days old, but I too can confirm this is an issue. My assumption is that @Raff-0 is using mismatched versions of pfSense, one being 2.5.1 and the other being something else… could be 2.4.5.
I wanted to get a NAS tested for a client installed and replicate it. The client is running pfSense 2.4.5 (OpenVPN Server) and my office is running 2.5.1 (OpenVPN client). Routed IPv4 remote traffic does NOT pass between the VPN. VPN tunnel network is fine but not traffic to the remote network.
I have a hunch the problem is not with the new version of pfSense but the newer version of OpenVPN that runs on pfSense 2.5.1. If using 2.5.1 at both main and satellite locations traffic passes perfectly. You just can’t use mismatched versions like in the past. There are a lot more and different configuration settings in the new OpenVPN and this probably has something to do with it. I've actually had to update some of my tutorials due to all those new settings.
-
I actually ended up in fixing the issue.
Since I've been doing a lot of attempts, I'm not 100% sure of what finally worked. What seems to be the most important is that I've added a push route to the OpenVPN server on pfSense (based on the example I posted): push "route 10.20.0.101 255.255.255.0"; push "route 10.20.0.201 255.255.255.0"; push "route 10.20.0.1 255.255.255.0"
Let me know if it works
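A small checker for the pushed routes discussed in this thread, added here as an example (it is not pfSense or OpenVPN code, nor from any poster). It assumes the server config is available as text and that the LAN clients must reach is 10.20.0.0/24; it normalizes each `push "route ..."` directive, reports whether that LAN is covered, and flags directives whose address carries host bits (as the three pushes above do), since one network-style route is what the client actually needs.

```python
"""Check 'push "route ..."' directives of an OpenVPN server config against
the LAN that VPN clients should reach. Added example for this thread; not
pfSense/OpenVPN project code. Assumes the config is plain text and the
target LAN is 10.20.0.0/24 as in the original post."""
import ipaddress
import re

PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')

# Constructed sample: the three host-style pushes from the thread plus the
# tunnel network line, as they might appear in a generated server config.
SAMPLE_CONFIG = """\
server 10.21.0.0 255.255.255.0
push "route 10.20.0.101 255.255.255.0"
push "route 10.20.0.201 255.255.255.0"
push "route 10.20.0.1 255.255.255.0"
"""


def parse_push_routes(config_text):
    """Return (as_written, normalized_network, host_bits_set) per directive."""
    routes = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        addr, mask = m.groups()
        # strict=False masks off host bits instead of raising ValueError.
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        host_bits = ipaddress.ip_address(addr) != net.network_address
        routes.append((f"{addr} {mask}", net, host_bits))
    return routes


def lan_coverage(config_text, lan):
    """Report whether the pushed routes cover `lan`, which directives carry
    host bits, and the single clean directive that would cover the LAN."""
    lan = ipaddress.ip_network(lan)
    routes = parse_push_routes(config_text)
    return {
        "covered": any(lan.subnet_of(net) for _, net, _ in routes),
        "host_bits": [written for written, _, hb in routes if hb],
        "networks": sorted({str(net) for _, net, _ in routes}),
        "suggested": f'push "route {lan.network_address} {lan.netmask}"',
    }


if __name__ == "__main__":
    print(lan_coverage(SAMPLE_CONFIG, "10.20.0.0/24"))
```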
-
@thatguy
Probably you meant 'fellymar is using mismatched versions'.
I've only one version that is 2.5.1-RELEASE (amd64)