Netgate Discussion Forum

OPENVPN site-to-site LOCAL/AWS doesn't ping between hosts, only between pfSenses

OpenVPN
5 Posts 3 Posters 747 Views
  • F
    FernandoScheffel
    last edited by Jul 6, 2021, 1:22 PM

    Hey guys!

    I am facing a problem with a site-to-site OpenVPN configuration on pfSense. Described as objectively as I can, it is the following:

    From the pfSense on AWS I can ping my entire local network, and from the pfSense on my local network I can ping my entire network on AWS, but when I use a host inside the AWS network or a host inside my local network, I can't ping from one side of the VPN to the other.

    I took a machine on my local network (192.168.15.27) and ran a tracert to a machine on the AWS network, 172.31.9.211. The packet went to the pfSense on my local network, went into the 10.0.0.1 tunnel, arrived at the AWS pfSense (I checked the firewall log) and got lost there. The same is true in reverse.

    I did a tcpdump to check deeper; here is part of the log:

    (PING FROM A HOST BEHIND LOCAL NETWORK)
    22:28:40.328453 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 39316, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.15.27 > 172.31.9.211: ICMP echo request, id 1, seq 712, length 40
    No reply was seen.

    (PING FROM PFSENSE)
    22:28:46.079359 AF IPv4 (2), length 88: (tos 0x0, ttl 64, id 32037, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.2 > 172.31.9.211: ICMP echo request, id 6757, seq 0, length 64
    Here I got an ICMP reply.

    What I can see is that when I do it directly from pfSense it uses the tunnel IP as the source and it works. But when I use a host inside the network to ping, it doesn't work. But being site-to-site, it should work, shouldn't it?
    • V
      viragomann @FernandoScheffel
      last edited by Jul 6, 2021, 4:18 PM

      @fernandoscheffel said in OPENVPN site-to-site LOCAL/AWS doesn't ping between hosts, only between pfSenses:

      I did a tcpdump to check deeper; here is part of the log:

      On which site, which interface?

      • F
        FernandoScheffel @viragomann
        last edited by Jul 6, 2021, 5:04 PM

        @viragomann The packet monitor is from the server side, on the OpenVPN interface.

        The packet that comes from a host on the client site reaches the server side with IP 192.168... and is dropped. If it comes from pfSense, it reaches the server side with IP 10.0.0.2 (the client tunnel IP) and gets a response.
        • F
          FernandoScheffel
          last edited by Jul 12, 2021, 4:36 PM

          I solved the problem by creating a NAT outbound rule on my pfSense server to translate the local IP to the tunnel IP.
          • M
            mger88 @FernandoScheffel
            last edited by Mar 1, 2025, 9:43 PM

            @FernandoScheffel said in OPENVPN site-to-site LOCAL/AWS doesn't ping between hosts, only between pfSenses:

            I solved the problem by creating a NAT outbound rule on my pfSense server to translate the local IP to the tunnel IP.

            I'm having a similar problem.

            Can you give an example of how your configuration looks in pfsense?

            I tried to reproduce it but I think I'm making a mistake in some detail.

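The diagnosis in this thread rests on one observation: echo requests sourced from the tunnel address (10.0.0.2) get replies, while requests sourced from the LAN (192.168.15.27) never do. The script below, an added example that is not part of the thread and not pfSense's own tooling, automates that comparison over tcpdump text output and, for the symptom the thread shows, prints a pf-syntax equivalent of the outbound NAT rule FernandoScheffel describes. The capture is constructed: the two request lines are the ones quoted above, the reply line is made up to represent the "got a reply" case. The subnets (10.0.0.0/24, 192.168.15.0/24, 172.31.0.0/16), the interface name ovpnc1 and the pf rule text are assumptions, not an export of anyone's pfSense configuration.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample capture (tcpdump -v style). The two request lines are the ones
# quoted in the thread; the reply line is constructed here, since the post only
# says a reply was seen for the tunnel-sourced ping.
SAMPLE_CAPTURE = """\
22:28:40.328453 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 39316, offset 0, flags [none], proto ICMP (1), length 60)
192.168.15.27 > 172.31.9.211: ICMP echo request, id 1, seq 712, length 40
22:28:46.079359 AF IPv4 (2), length 88: (tos 0x0, ttl 64, id 32037, offset 0, flags [none], proto ICMP (1), length 84)
10.0.0.2 > 172.31.9.211: ICMP echo request, id 6757, seq 0, length 64
22:28:46.080120 AF IPv4 (2), length 88: (tos 0x0, ttl 64, id 1209, offset 0, flags [none], proto ICMP (1), length 84)
172.31.9.211 > 10.0.0.2: ICMP echo reply, id 6757, seq 0, length 64
"""

# Assumed address plan, inferred from the addresses visible in the thread.
TUNNEL_NET = ipaddress.ip_network("10.0.0.0/24")     # OpenVPN tunnel (10.0.0.1 server, 10.0.0.2 client)
LOCAL_NET = ipaddress.ip_network("192.168.15.0/24")  # client-site LAN
AWS_NET = ipaddress.ip_network("172.31.0.0/16")      # AWS VPC

ICMP_LINE = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_echoes(capture):
    """Extract (src, dst, kind, id, seq) from the ICMP lines of a tcpdump text dump."""
    echoes = []
    for line in capture.splitlines():
        m = ICMP_LINE.match(line.strip())
        if m:
            echoes.append((m["src"], m["dst"], m["kind"], int(m["id"]), int(m["seq"])))
    return echoes


def match_replies(echoes):
    """Pair requests with replies by (id, seq) and return {src: (requests, answered)}."""
    pending = {}
    for src, dst, kind, ident, seq in echoes:
        if kind == "request":
            pending[(src, dst, ident, seq)] = False
    for src, dst, kind, ident, seq in echoes:
        # A reply's src/dst are the request's reversed, so look it up swapped.
        if kind == "reply" and (dst, src, ident, seq) in pending:
            pending[(dst, src, ident, seq)] = True
    counts = defaultdict(lambda: [0, 0])
    for (src, _dst, _ident, _seq), answered in pending.items():
        counts[src][0] += 1
        counts[src][1] += int(answered)
    return {src: (sent, ok) for src, (sent, ok) in counts.items()}


def classify(addr):
    """Label a source address by which part of the assumed address plan it belongs to."""
    a = ipaddress.ip_address(addr)
    for label, net in (("tunnel", TUNNEL_NET), ("local-lan", LOCAL_NET), ("aws", AWS_NET)):
        if a in net:
            return label
    return "other"


def diagnose(capture):
    """Return (per-source summary, verdict). 'asymmetric' is the thread's symptom:
    tunnel-sourced pings are answered while LAN-sourced pings are not."""
    summary = match_replies(parse_echoes(capture))
    tunnel_ok = any(classify(s) == "tunnel" and ok > 0 for s, (_sent, ok) in summary.items())
    lan_dead = any(classify(s) == "local-lan" and ok == 0 for s, (_sent, ok) in summary.items())
    if tunnel_ok and lan_dead:
        return summary, "asymmetric"
    if summary and all(ok == sent for sent, ok in summary.values()):
        return summary, "ok"
    return summary, "inconclusive"


def suggest_outbound_nat(iface, lan_net, remote_net, tunnel_ip):
    """pf-syntax equivalent (an assumption, not a pfSense export) of the outbound NAT rule the
    thread describes: rewrite LAN sources to the tunnel address on the OpenVPN interface."""
    return f"nat on {iface} from {lan_net} to {remote_net} -> {tunnel_ip}"


if __name__ == "__main__":
    summary, verdict = diagnose(SAMPLE_CAPTURE)
    for src, (sent, ok) in summary.items():
        print(f"{src:15} {classify(src):10} requests={sent} answered={ok}")
    print("verdict:", verdict)
    if verdict == "asymmetric":
        # 'ovpnc1' is a placeholder; substitute the real OpenVPN interface name.
        print(suggest_outbound_nat("ovpnc1", LOCAL_NET, AWS_NET, "10.0.0.2"))
```

Run it against a saved `tcpdump -v` dump taken on the OpenVPN interface of the side that receives the traffic, as viragomann asked, to see which sources go unanswered. The NAT rule must live on the pfSense whose tunnel address the traffic should appear from (here the side holding 10.0.0.2, since that is the source the AWS side does answer). Two caveats a practitioner will want: this verdict only says the remote side is not sending traffic back to the LAN subnet, and the NAT workaround hides the originating host behind the tunnel address, so the remote firewall logs will record only 10.0.0.2 rather than the real client. If per-host visibility matters, the alternative is to make the remote side route the LAN subnet over the tunnel instead of translating it.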
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.