OpenVPN Bidirectional tun not pinging both ways
-
Hey,
I have an application that I use for road warriors that patches their 3rd-party apps. Long story short, this app pings remote IPs, and if one is online, it will push updates to it.
The OpenVPN Connect client connects fine, and I'm able to ping my patching server.
I cannot ping the client from the patching server, however. The patching server is a VM on VMware, same as the pfSense router, same hardware. The cable modem connects directly to this bare-metal box and pfSense grabs the WAN IP off the Ethernet interface. Nothing in between.
Firewall is wide open ... * and any, for testing purposes.
On the OpenVPN server settings:
Redirect IPv4 gateway - force all IPv4 client-generated traffic through tunnel is checked.
IPv4 tunnel network: 192.168.70.0/24
inter-client communication is checked.
duplicate connection is checked.
block outside dns is checked.
force dns cache update and netbios enable is checked.
I put the Win 10 OpenVPN Connect v3 TAP/TUN adapter on the client in a private network and also enabled ping; I'm able to ping the client just fine from the LAN it sits on. I've also tried adding a static route on the patching server (Windows Server 2022):
IP: 71.110 (VLAN 71)
Static route:
192.168.70.0 MASK 255.255.255.0 192.168.70.1
192.168.70.1 is the gateway for the OpenVPN clients (70.0/24 subnet).
I'm still unable to ping the client from the patching server, but I can ping the patching server from the OpenVPN client. Also, clients can't ping other OpenVPN clients, so 70.2 can't ping 70.3.
A route does show up on the clients stating to make 71.x traffic go through the 70.x ip address.
Any ideas?
-
@dimitri21 Never mind, it was the Windows firewall.
Powershell
New-NetFirewallRule -DisplayName "Allow inbound ICMPv4 from Patch Svr" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress 192.168.71.110 -Action Allow
I solved it by having a constant ping to my client and noticing that the OpenVPN traffic spiked on the client but there was no reply. So I assumed it was the client. Then I turned off the firewall and had ping. I then noticed the scope IP range for a private network is only the local subnet, not the patching server. I then added the patching server IP address and turned the firewall back on, and I didn't lose ping. I then decided, rather than figuring out which profile it's in, to add specific firewall rules just for the patching server only.
Hope this helps someone.
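The scope problem described in the answer above (the built-in Private-profile echo-request rule only admits the local subnet, so pings arriving over the tunnel from 192.168.71.110 are dropped) can be checked before any rule is added. The following PowerShell is an added example, not from the original post: it lists every enabled inbound ICMPv4 allow rule with its profile and remote-address scope, and only creates the narrowly scoped rule from the thread if nothing already admits the patching server. The server address is taken from the thread; the rule name is an assumption.

```powershell
# Added example (not from the original post). Audit inbound ICMPv4 allow rules on a
# Windows client and show why a ping from the patching server can be dropped.
$PatchServer = '192.168.71.110'              # patching server IP from the thread
$RuleName    = 'Allow inbound ICMPv4 from Patch Svr'   # assumed display name

# Enabled inbound allow rules whose port filter is ICMPv4 (protocol number 1 / 'ICMPv4').
$icmpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' }

# Resolve each rule's ICMP type and remote-address scope. A scope of 'LocalSubnet'
# means traffic from a non-local source (the VPN server's LAN) does not match.
$report = foreach ($rule in $icmpRules) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $rule.DisplayName
        Profile       = $rule.Profile
        IcmpType      = $port.IcmpType
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
}
$report | Format-Table -AutoSize

# Does any echo-request (type 8 or Any) rule already admit the patching server?
$covered = $report | Where-Object {
    ($_.IcmpType -in @('8', 'Any')) -and
    ($_.RemoteAddress -eq 'Any' -or $_.RemoteAddress -split ',' -contains $PatchServer)
}

if ($covered) {
    Write-Host "Echo requests from $PatchServer are already allowed by: $($covered.Name -join '; ')"
} elseif (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    # Least-privilege fix: allow echo requests only from the patching server,
    # instead of widening the built-in rule's scope to 'Any'.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol ICMPv4 `
        -IcmpType 8 -RemoteAddress $PatchServer -Action Allow | Out-Null
    Write-Host "Created '$RuleName' scoped to $PatchServer"
}
```

Run it in an elevated PowerShell on the client; rules whose RemoteAddress shows `LocalSubnet` are the ones that silently drop the tunnel-sourced ping.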