OVPN client can't reach some LAN clients.



  • Was browsing this great forum here, but still couldn't find the right answer to my problem.

    My setup is as follows:
    pfSense with rl0 (WAN), rl1 (192.168.0.0/24), rl2 (10.129.28.0/24).
    OVPN Address pool: (192.168.100.0) Local network (10.129.28.0/24)
    OVPN clients have a push "route 192.168.0.0 255.255.255.0"

    So here comes the strange part. I can connect to the rl1 and rl2 subnets but can ping only certain machines on these networks.
    Let's say I ping 192.168.0.205 from the OVPN client 192.168.100.2, it gets a reply but 192.168.0.206 times out. If I VNC to 192.168.0.205 and ping from there 192.168.0.206 it gets a reply. It's the same with the rl2 subnet.

    I have time till Friday to set up a working rig  ::)



  • The pfSense box is the OVPN server and is the only gateway on the network? All of the machines on rl1 and rl2 use the pfSense box as a gateway, and don't have any other NICs (including wireless) in them?



  • pfSense is the OVPN server. The machines on rl2 have a different GW.

    pfSense sits on an SDSL WAN connection. I have 2 subnets where rl1 goes through the SDSL WAN connection and rl2 goes through a different WAN connection.



  • It looks like a routing problem.
    It would be good to verify whether there is some custom routing on those machines you cannot access from pfSense, and their default gw settings (maybe some of them have a manually configured gw or, as was mentioned earlier, two NICs and some issues with double default routing, especially if it is Vista or Windows 7). Or maybe the inaccessible hosts are just firewalled and do not allow some incoming traffic?
    And lastly, tcpdump on all hops on the path to see where the traffic actually goes.



  • Can you VNC to 192.168.0.206 and ping back to 192.168.0.205? Also, what about Windows Firewall, is it disabled on both computers? Are the computers on the same switch or different switches?
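The return-path check suggested in the thread (each LAN host's default gateway and static routes), as an added example that is not part of the original posts: it does a longest-prefix match over each host's routing table and reports where a reply to the OVPN client 192.168.100.2 would be sent. The routing tables, the pfSense rl1 address 192.168.0.1, the second router 192.168.0.254 and host 192.168.0.207 are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the thread): pfSense's address on rl1.
PFSENSE_LAN = ipaddress.ip_address("192.168.0.1")
VPN_CLIENT = "192.168.100.2"  # OVPN client address quoted in the thread

# Constructed routing tables: (destination CIDR, gateway or None for on-link).
HOSTS = {
    # Default gateway is pfSense: replies to the VPN pool go back the way they came.
    "192.168.0.205": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
    # Default gateway is another router that knows nothing about the VPN pool.
    "192.168.0.206": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.254")],
    # Same other default gateway, plus a static route for the pool via pfSense.
    "192.168.0.207": [("192.168.0.0/24", None),
                      ("192.168.100.0/24", "192.168.0.1"),
                      ("0.0.0.0/0", "192.168.0.254")],
}

def next_hop(routes, dst):
    """Return the next hop for dst using longest-prefix match, or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return None
    # An on-link route delivers straight to the destination itself.
    return dst if best[1] is None else ipaddress.ip_address(best[1])

def check_return_path(routes, vpn_client=VPN_CLIENT):
    """Classify where a host would send its reply to the VPN client."""
    hop = next_hop(routes, vpn_client)
    if hop is None:
        return "no-route"
    return "ok" if hop == PFSENSE_LAN else f"asymmetric via {hop}"

def audit(hosts):
    """Run the return-path check for every host table."""
    return {host: check_return_path(routes) for host, routes in hosts.items()}

if __name__ == "__main__":
    for host, verdict in audit(HOSTS).items():
        print(f"{host}: reply to {VPN_CLIENT} -> {verdict}")
```

A host flagged "asymmetric" still answers pings from neighbours on its own subnet, because that traffic is on-link and never consults the default gateway.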

