Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OPENVPN site-to-site LOCAL/AWS doesnt ping between hosts only between pfsenses

    OpenVPN
    2
    4
    229
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      FernandoScheffel
      last edited by

      Hey guys!

      I am facing a problem in the site-to-site OPENVPN configuration with PFSENSE, describing in an objective way it would be the following:

      From PFSENSE on AWS I can ping my entire local network and from PFSENSE on my local network I can ping my entire network on AWS but when I use a host inside the AWS network or a host inside my local network I can't ping from one side of the VPN To the other.

      I took a machine on my local network (192.168.15.27) and gave a tracert to a machine on the AWS network 172.31.9.211. The packet went to the PFSENSE of my local network, went to the 10.0.0.1 tunnel, arrived at the AWS PFSENSE (I looked through the firewall log) and got lost there. The same is true in reverse.

      I did a tcpdump to check deeper, here is a part of the log

      (PING FROM A HOST BEHIND LOCAL NETWORK)
      22:28:40.328453 AF IPv4 (2), length 64: (tos 0x0, ttl 127, id 39316, offset 0, flags [none], proto ICMP (1), length 60)
      192.168.15.27 > 172.31.9.211: ICMP echo request, id 1, seq 712, length 40
      No reply has seen

      (PING FROM PFSENSE)
      22:28:46.079359 AF IPv4 (2), length 88: (tos 0x0, ttl 64, id 32037, offset 0, flags [none], proto ICMP (1), length 84)
      10.0.0.2 > 172.31.9.211: ICMP echo request, id 6757, seq 0, length 64
      Here i got a ICMP reply

      What I can see is that when I do it directly from PFSENSE it uses the tunnel IP as source and it works. But when I use a host inside the network to ping, it doesn't work. But being a site-to-site it should work, doesnt?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @FernandoScheffel
        last edited by

        @fernandoscheffel said in OPENVPN site-to-site LOCAL/AWS doesnt ping between hosts only between pfsenses:

        I did a tcpdump to check deeper, here is a part of the log

        On which site, which interface?

        F 1 Reply Last reply Reply Quote 0
        • F
          FernandoScheffel @viragomann
          last edited by

          @viragomann The packet monitor is from server side on openvpn interface.

          The packet that comes from a host in the client site reach at server side with IP 192.168... and drop. If comes from pfsense, reach at the server side with IP 10.0.0.2 (client tunel ip) and get response.

          1 Reply Last reply Reply Quote 0
          • F
            FernandoScheffel
            last edited by

            I solved the problem creating a NAT Outbound rule in my pfsense server to translate local IP to tunnel IP

            1 Reply Last reply Reply Quote 0
            • First post
              Last post